
7 matches found

EUVD
added 5 hours ago, 5 views

EUVD-2026-40627

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...

8.7 CVSS, 5.7 AI score
Exploits 0, References 3
Tenable Nessus
added 2026/03/18 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protectio...

5.4 CVSS, 5.7 AI score, 0.00171 EPSS
Exploits 1, References 2
OSV
added 2026/03/17 11:56 p.m., 6 views

CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

2.3 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits 1, References 5
OSV
added 2026/03/17 3:29 p.m., 6 views

GHSA-JCC7-9WPM-MJ36 Next.js: null origin can bypass dev HMR websocket CSRF checks

Summary In next dev, cross-site protections for internal development endpoints could treat Origin: null as a bypass case even when allowedDevOrigins is configured. This could allow privacy-sensitive or opaque browser contexts, such as sandboxed documents, to access privileged internal dev-server...

2.3 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits 1, References 5
OSV
added 2025/09/04 7:44 a.m., 11 views

USN-7648-3 php7.0, php7.2, php7.4 regression

USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735 caused a regression in php7.0, php7.2 and php7.4. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null...

7.5 CVSS, 7.3 AI score, 0.00953 EPSS
Exploits 0, References 3
Ubuntu
added 2025/08/21 7:18 p.m., 10 views

USN-7648-2: PHP vulnerabilities

USN-7648-1 fixed several vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker...

7.5 CVSS, 6.8 AI score, 0.00953 EPSS
Exploits 2
OSV
added 2025/07/17 3:25 p.m., 15 views

USN-7648-1 php8.1, php8.3, php8.4 vulnerabilities

It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. CVE-2025-1220 It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql escaping functions. A remo...

7.5 CVSS, 6.9 AI score, 0.00953 EPSS
Exploits 2, References 4