Lucene search
K

6 matches found

CVE
CVE
added yesterday5 views

CVE-2026-56675

9router prior to version 0.5.2 validates loopback requests as trusted, allowing unauthenticated access to /v1/* endpoints when a reverse proxy on localhost (127.0.0.1) forwards traffic. A remote attacker could reach /v1 APIs (e.g., /v1/models) without an API key, potentially abusing configured up...

8.3CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2026/05/13 7:17 p.m.12 views

CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS0.00437EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-21866

Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.54.1 Description The application reflects the UUID path parameter directly in the HTTP response body without HTML escaping in the RSS single-watch endpoint. Because Flask defaults to returning text/html f...

6.1CVSS5.7AI score0.00445EPSS
Exploits1References12
NVD
NVD
added 2025/08/18 6:15 p.m.22 views

CVE-2025-55300

Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated user...

8.6CVSS0.00515EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:33 a.m.9 views

CVE-2023-1841

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Honeywell MPA2 Access Panel Web server modules allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package...

8.1CVSS6.1AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.9 views

PT-2025-6126 · Sap · Sap Netweaver Abap Server

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Server ABAP versions prior to the fixed version Description: The issue allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user,...

5.3CVSS6.9AI score0.00337EPSS
Exploits0References8
Rows per page
Query Builder