Lucene search
+L

1191 matches found

vulncheck_kev
vulncheck_kev
added 2026/02/10 12:0 a.m.29 views

VulnCheck KEV: CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.15384EPSS
In wildExploits0References13
ptsecurity
ptsecurity
added 2026/02/10 12:0 a.m.14 views

PT-2026-7448

Name of the Vulnerable Software and Affected Versions AMD Secure Encrypted Virtualization SEV firmware affected versions not specified Description An access control issue in AMD Secure Encrypted Virtualization SEV firmware may allow a malicious hypervisor to circumvent RMP protections. This could...

5.9CVSS5.4AI score0.00144EPSS
Exploits0References3
nessus
nessus
added 2026/02/10 12:0 a.m.6 views

KB5075897: Windows Server version 23H2 Security Update (February 2026)

The remote Windows host is missing security update 5075897. It is, therefore, affected by multiple vulnerabilities - A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit da...

8.8CVSS6.9AI score0.25835EPSS
Exploits13References30
github
github
added 2026/02/06 7:2 p.m.10 views

Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...

9.1CVSS5.5AI score0.00357EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/02/06 6:15 p.m.30 views

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

9.1CVSS0.00357EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/06 5:52 p.m.5 views

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

7.7CVSS5.4AI score0.00357EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/02/06 5:52 p.m.5 views

CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

7.7CVSS5.7AI score0.00357EPSS
Exploits0References3
euvd
euvd
added 2026/01/31 12:30 a.m.7 views

EUVD-2020-30926

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...

9.8CVSS5.9AI score0.00537EPSS
Exploits0References4
nvd
nvd
added 2026/01/30 11:16 p.m.7 views

CVE-2020-37056

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...

9.8CVSS0.00537EPSS
Exploits0References3
cvelist
cvelist
added 2026/01/30 10:7 p.m.24 views

CVE-2020-37056 Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...

9.8CVSS0.00537EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/01/30 12:0 a.m.11 views

PT-2026-5492

Name of the Vulnerable Software and Affected Versions Crystal Shard http-protection version 0.2.0 Description The software contains an IP spoofing issue that allows attackers to bypass protection middleware. This is achieved by manipulating request headers to hardcode consistent IP values across...

9.8CVSS5.3AI score0.00537EPSS
Exploits0References5
nvd
nvd
added 2026/01/29 9:16 a.m.8 views

CVE-2026-23568

An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked...

8.1CVSS0.00196EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/28 7:12 p.m.33 views

CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

7.6CVSS0.003EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/01/28 12:0 a.m.7 views

Discourse code vulnerabilities

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. There were code vulnerabilities in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, a...

9.9CVSS5.9AI score0.003EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/01/22 12:0 a.m.8 views

Bosch Infotainment ECU security vulnerabilities

The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU. This vulnerability arises from the anti-theft protection mechanism, which can be bypassed due to a weak response generation algorith...

4CVSS5.8AI score0.00318EPSS
Exploits0References3
cve
cve
added 2026/01/19 3:24 p.m.18 views

CVE-2026-22031

CVE-2026-22031 affects the Fastify middleware plugin @fastify/middie (prior to 9.1.0). A vulnerability allows bypassing a middleware registered with a path prefix by using URL-encoded paths (e.g., /%61dmin). The middie engine uses path-to-regexp for matching; the regex is applied to the undecoded...

8.8CVSS5.5AI score0.00457EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/01/16 2:0 p.m.4 views

CVE-2025-15104 Nu Html Checker (validator.nu) - Restriction bypass vulnerability allowing local SSRF

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

6.9CVSS6.8AI score0.00425EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/01/14 3:7 p.m.6 views

CVE-2025-71127 wifi: mac80211: Discard Beacon frames to non-broadcast address

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 "The Address 1 field of the Beacon .. frame shall be set to the...

5.7AI score0.0013EPSS
Exploits0References7
nessus
nessus
added 2026/01/14 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-71127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to...

5.5CVSS6.1AI score0.0013EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/09 12:39 p.m.6 views

CVE-2023-29818

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin...

5.5CVSS6.4AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder