Lucene search
K

3513 matches found

Nuclei
Nuclei
added 9 hours ago73 views

Vite Dev Server - Information Exposure

Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...

6CVSS6.1AI score0.01077EPSS
Exploits1References2
NVD
NVD
added yesterday8 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS0.0047EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-55590

CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...

5.1CVSS5.9AI score0.00578EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2 days ago3 views

GitLab 9.1 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-7492)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an...

5.3CVSS6.2AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 3 days ago9 views

CVE-2026-58254

NATS Server (affected components: leafnode message trace destination checks) could allow a leafnode operator to send trace events to subjects that should be disallowed and use trace-only behavior to interfere with delivery/storage. Root cause: checks were applied to ordinary client connections bu...

5.3CVSS5.9AI score0.00428EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-55076

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS6AI score0.00479EPSS
Exploits0References8Affected Software1
NVD
NVD
added 4 days ago7 views

CVE-2026-45796

Coder allows organizations to provision remote development environments via Terraform. Versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 are vulnerable to unauthenticated semi-blind Server-Side Request Forgery SSRF via the Azure instance identity endpoint POST...

6.5CVSS0.00335EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-55434 Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could se...

6.5CVSS0.00552EPSS
Exploits0References4
OSV
OSV
added 4 days ago19 views

ROOT-APP-MAVEN-CVE-2022-42003 CVE-2022-42003 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2022-42003 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.8AI score0.02824EPSS
Exploits2
OSV
OSV
added 4 days ago6 views

ROOT-APP-NPM-CVE-2025-48997 CVE-2025-48997 in @rootio/multer - Patched by Root

Root has patched CVE-2025-48997 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

8.7CVSS5.4AI score0.00368EPSS
Exploits0
OSV
OSV
added 4 days ago11 views

ROOT-APP-PYPI-CVE-2025-69230 CVE-2025-69230 in rootio-aiohttp - Patched by Root

Root has patched CVE-2025-69230 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS7.1AI score0.00332EPSS
Exploits0
OSV
OSV
added 4 days ago5 views

ROOT-APP-MAVEN-CVE-2026-41726 CVE-2026-41726 in io.root.org.springframework.kafka:spring-kafka - Patched by Root

Root has patched CVE-2026-41726 in the io.root.org.springframework.kafka:spring-kafka package for Root:Maven. Multiple fixed versions available...

6.5CVSS5.8AI score0.00289EPSS
Exploits0
OSV
OSV
added 4 days ago9 views

ROOT-APP-NPM-CVE-2026-48779 CVE-2026-48779 in @rootio/ws - Patched by Root

Root has patched CVE-2026-48779 in the @rootio/ws package for Root:npm. Multiple fixed versions available...

7.5CVSS5.2AI score0.00782EPSS
Exploits1
OSV
OSV
added 4 days ago8 views

ROOT-APP-PYPI-CVE-2026-49853 CVE-2026-49853 in rootio-tornado - Patched by Root

Root has patched CVE-2026-49853 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

5.3AI score0.00034EPSS
Exploits0
OSV
OSV
added 4 days ago6 views

ROOT-APP-PYPI-CVE-2025-47287 CVE-2025-47287 in rootio-tornado - Patched by Root

Root has patched CVE-2025-47287 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS7AI score0.00667EPSS
Exploits0
OSV
OSV
added 4 days ago13 views

ROOT-APP-PYPI-CVE-2026-42308 CVE-2026-42308 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42308 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

5.5CVSS7.1AI score0.00114EPSS
Exploits0
OSV
OSV
added 4 days ago4 views

ROOT-APP-PYPI-CVE-2024-28219 CVE-2024-28219 in rootio-pillow - Patched by Root

Root has patched CVE-2024-28219 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

6.7CVSS6.5AI score0.00989EPSS
Exploits0
NVD
NVD
added 5 days ago6 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

10CVSS0.00256EPSS
Exploits0References3
OSV
OSV
added 5 days ago4 views

GHSA-75VM-6W67-GWVP Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References2
OSV
OSV
added 5 days ago4 views

ROOT-OS-DEBIAN-12-CVE-2026-32739 CVE-2026-32739 in rootio-libheif - Patched by Root

Root has patched CVE-2026-32739 in the rootio-libheif package for Root:Debian:12. Multiple fixed versions available...

6.5CVSS4.6AI score0.0032EPSS
Exploits1
Rows per page
Query Builder