Lucene search
+L

68 matches found

OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1292 dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...

5.3CVSS5.8AI score0.0071EPSS
Exploits0References15
OSV
OSV
added 2026/06/30 6:18 p.m.5 views

GHSA-WMGG-3P4H-48X7 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Summary A stronger framing of the same root cause as GHSA-gx55-f84r-v3r7: the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. Details Three independent flaws compounded: 1. Validate gap...

9.9CVSS5.8AI score0.003EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50740

Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description A Server-Side Request Forgery SSRF issue exists in components that handle outgoing HTTP requests, specifically HTTP Notification Channels, OIDC BackChannel...

2.3CVSS6AI score0.00252EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48465

Summary Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftp internal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp internal:handle ctrl result/2 PASV handler mode=passive, ipfamily=inet, ftp extension=false extracts the IP address...

6.3CVSS5.6AI score0.00234EPSS
Exploits0References7
NCSC
NCSC
added 2026/06/09 5:44 p.m.19 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...

9.8CVSS6.1AI score0.48438EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-47937

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An out-of-bounds read allows an unauthorized attacker to disclose sensitive information over a network, which may subsequently affect the system. An out-of-bounds read occurs...

8.2CVSS5.7AI score0.00518EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Microsoft Copilot Chat (Microsoft Edge) 输入验证错误漏洞

Microsoft Copilot Chat is an intelligent dialogue assistant feature integrated into the browser by Microsoft Corporation. Microsoft Copilot Chat has a injection vulnerability, which stems from improper neutralization of special elements in the output of downstream components. This vulnerability...

7.5CVSS5.7AI score0.00732EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 7:53 a.m.4 views

CVE-2026-49267 Apache Airflow: No certificate validation on SMTP STARTTLS connections

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

5.9CVSS6.1AI score0.00185EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/28 2:14 p.m.11 views

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

7.3CVSS5.8AI score0.00358EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 5:9 p.m.43 views

CVE-2026-45717 Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.

Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET...

8.8CVSS0.00251EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 8:59 p.m.28 views

CVE-2026-47672

CVE-2026-47672 affects the Java client epa4all-client for epa4all/ePA 3.0. In version 1.2.4 and earlier, a network-reachable caller can write arbitrary documents to any patient electronic health record (EHR) accessible by the institution’s SMC-B card. In misconfigured deployments (e.g., following...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.15 views

PT-2026-42994

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network...

8.5CVSS6AI score0.00722EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 3:51 p.m.18 views

GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

5.9CVSS5.8AI score0.0028EPSS
Exploits2References5
OSV
OSV
added 2026/05/19 2:44 p.m.8 views

GHSA-Q862-GCGQ-5M6G HAXcms createSite SSRF Enables Arbitrary File Read

Summary An authenticated Server-Side Request Forgery SSRF vulnerability in HAXcms allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access. Details The createSite endpoint in HAXcms...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/15 5:59 p.m.21 views

Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL

Summary Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET /api/datasources/:datasourceId. Every authenticated...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29093

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS6AI score0.00288EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:30 p.m.13 views

CVE-2026-2393

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS7.3AI score0.00288EPSS
Exploits1References3
NVD
NVD
added 2026/04/30 10:16 p.m.5 views

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

8.8CVSS0.0047EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 9:11 p.m.7 views

CVE-2026-6543 Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

8.8CVSS6AI score0.0047EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

Microsoft M365 Copilot 输入验证错误漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by Microsoft Corporation. Microsoft M365 Copilot has a vulnerability related to input validation, which stems from URL redirection to untrusted sites. This vulnerability could allow unauthorized attackers to gain elevated privileg...

9.3CVSS5.8AI score0.00398EPSS
Exploits0References2
Rows per page
Query Builder