Lucene search
K

1184 matches found

Github Security Blog
Github Security Blog
added 2026/04/22 6:30 a.m.6 views

Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS5.1AI score0.00215EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.5 views

Windows Shell Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.00908EPSS
Exploits0
CVE
CVE
added 2026/04/12 12:28 p.m.9 views

CVE-2018-25258

CVE-2018-25258 affects RGui 3.5.0. The issue is a local buffer overflow in the GUI preferences dialog, enabling DEP bypass via structured exception handling and a stack-based overflow triggered by input in the Language for menus and messages field. This can be exploited to construct a ROP chain f...

8.6CVSS6.5AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 8:18 p.m.6 views

GHSA-6V7Q-WJVX-W8WG basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands

Summary basic-ftp's CRLF injection protection added in commit 2ecc8e2 for GHSA-chqc-8p9q-pq6q is incomplete. Two code paths bypass the protectWhitespace control character check: 1 the login method directly concatenates user-supplied credentials into USER/PASS FTP commands without any validation,...

8.2CVSS6.2AI score
Exploits0References4
CVE
CVE
added 2026/04/09 9:26 p.m.13 views

CVE-2026-35618

OpenClaw OpenClaw package (Plivo V2 verification) vulnerability CVE-2026-35618 affects OpenClaw before 2026.3.23. The replay protection uses a replay key derived from the full verification URL, including query strings, instead of the base canonical URL. This allows an attacker to mint new verifie...

8.3CVSS6AI score0.00283EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/08 10:16 p.m.5 views

CVE-2026-39901

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 2:34 p.m.5 views

CVE-2026-39406

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31460

Name of the Vulnerable Software and Affected Versions monetr versions prior to 1.12.3 Description A transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

monetr 授权问题漏洞

Monetr is an open-source personal budget management application developed by Monetr. Versions of Monetr prior to 1.12.3 had an authorization issue vulnerability. This vulnerability stemmed from a transaction integrity flaw, which could lead to bypassing deletion protection...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/06 3:9 p.m.31 views

CVE-2026-34208 SandboxJS: Sandbox integrity escape

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...

10CVSS0.00561EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.36 contained security vulnerabilities; these vulnerabilities stemmed from the ability to bypass global object protection through constructor paths, potentially allowing modification of host global obje...

10CVSS5.8AI score0.00561EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.23 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises from verified users with the UMA protection role being able to bypass UMA policy verification. This could allow attackers to include...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.3 views

PT-2026-29893

🚨CVE CVE-2026-35000 https://t.co/x6IcOzWR1x versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary l… https://t.co/qyCAYVmz24 ----- Traducción: CVE-2026-3500… https://t.co/utmtNgl3sv...

7.1CVSS6AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 5:5 p.m.2 views

CVE-2026-34376 PdfDing: Password-protected share bypass via direct serve endpoint

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without...

7.5CVSS5.7AI score0.0037EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29588

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc and similar file-access primitives. Attackers can exploit th...

7.1CVSS6AI score0.00282EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

changedetection.io 安全漏洞

Changedetection.io is a website-based application developed by dgtlmoon, designed for change detection, monitoring, and notification. Version 0.54.7 of ChangeDetection.io contained a security vulnerability, which stemmed from a protection bypass in the SafeXPath3Parser implementation. This...

7.1CVSS5.9AI score0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/28 11:58 a.m.7 views

CVE-2017-20225 TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability

TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP...

9.8CVSS6.6AI score0.00796EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 7:21 p.m.7 views

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References3
CNVD
CNVD
added 2026/03/26 12:0 a.m.4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16389)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to bypass SSRF protection...

7.6CVSS5.8AI score0.00221EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 had code-related vulnerabilities. These vulnerabilities stemmed from inconsistent validation of redirection chains, which could allow attackers to bypass SSRF protection...

6.5CVSS5.8AI score0.00172EPSS
Exploits0References4
Rows per page
Query Builder