Lucene search
K

1408 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

4.8CVSS5.5AI score0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6932

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/05 12:0 a.m.14 views

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication...

7.5CVSS5.5AI score0.10659EPSS
In wildExploits2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Open XDMoD 访问控制错误漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 11.0.3 contained a access control vulnerability. This vulnerability stemmed from a flaw in the access control logic, allowing...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References4
NVD
NVD
added 2026/06/04 3:16 p.m.15 views

CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS0.10659EPSS
Exploits2References3
EUVD
EUVD
added 2026/06/04 2:5 p.m.16 views

EUVD-2026-34268

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS5.8AI score0.10659EPSS
Exploits2References2
CVE
CVE
added 2026/06/04 2:5 p.m.160 views

CVE-2026-28318

SolarWinds Serv-U is affected by an unauthenticated Denial of Service vulnerability triggered by specially crafted POST requests with Content-Encoding: deflate. The issue can crash the Serv-U service, with exploitation observed in reports and advisories. SolarWinds has released a hotfix and mitig...

7.5CVSS5.8AI score0.10659EPSS
In wildExploits2References3Affected Software1
EUVD
EUVD
added 2026/06/04 1:22 p.m.11 views

EUVD-2019-20167

Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to...

7.2CVSS5.7AI score0.00211EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

SolarWinds Serv-U 资源管理错误漏洞

SolarWinds Serv-U is an FTP File Transfer Protocol server software developed by the American company SolarWinds. SolarWinds Serv-U has a resource management vulnerability that stems from unvalidated POST requests using the Content-Encoding: deflate header, which can lead to service crashes...

7.5CVSS5.8AI score0.10659EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.8 views

CVE-2026-36613

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...

5.9AI score0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.18 views

PT-2026-46239

Name of the Vulnerable Software and Affected Versions SolarWinds Serv-U versions prior to 15.5.4 Hotfix 1 Description SolarWinds Serv-U is susceptible to uncontrolled resource consumption when processing compressed HTTP request bodies. An unauthenticated remote attacker can trigger a...

7.8CVSS6.1AI score0.10659EPSS
Exploits2References78
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.6 views

CVE-2026-36613

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 12:0 a.m.16 views

CVE-2026-36611

CVE-2026-36611 affects Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. When the device processes UPnP POST requests on port 1900 without a SOAPAction header, it returns 128 bytes of uninitialized memory, exposing internal data to unauthenticated adjacent-network attackers. The NVD/NVD-d...

7.3CVSS5.9AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

docker-wkhtmltopdf-aas 安全漏洞

Docker-WKHTMLTOPDF-AAS is an open-source tool developed by Openlabs that converts HTML into PDF via a web-based service. Previous versions of Docker-WKHTMLTOPDF-AAS, including version 9f50579, had security vulnerabilities. These vulnerabilities stemmed from the app.py component, which allowed for...

9.8CVSS5.9AI score0.01491EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/02 11:53 p.m.18 views

CVE-2026-44579

A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...

7.5CVSS5.7AI score0.00509EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/02 12:0 a.m.10 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.5AI score0.00322EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.4 views

authentik 授权问题漏洞

Authentik is an open-source identity provisioning application. Versions of Authentik before 2025.12.6, 2026.2.4, and 2026.5.1 have vulnerabilities related to authorization. These vulnerabilities stem from the possibility of sending empty POST requests, which may bypass the authentication phase...

9.8CVSS5.5AI score0.0036EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/29 10:9 p.m.11 views

Sequence of Processor Instructions Leads to Unexpected Behavior

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...

7.1CVSS5.8AI score0.00029EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 1:13 p.m.13 views

EUVD-2026-33309

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FAUser::getId, false on the session-authenticated user, and...

5.7CVSS5.7AI score0.0011EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44797

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client id and client secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to...

2.7CVSS5.7AI score0.00196EPSS
Exploits0References3
Rows per page
Query Builder