1191 matches found
VulnCheck KEV: CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network...
PT-2026-7448
Name of the Vulnerable Software and Affected Versions AMD Secure Encrypted Virtualization SEV firmware affected versions not specified Description An access control issue in AMD Secure Encrypted Virtualization SEV firmware may allow a malicious hypervisor to circumvent RMP protections. This could...
KB5075897: Windows Server version 23H2 Security Update (February 2026)
The remote Windows host is missing security update 5075897. It is, therefore, affected by multiple vulnerabilities - A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit da...
Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...
CVE-2026-25722
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...
CVE-2026-25722
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...
CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...
EUVD-2020-30926
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...
CVE-2020-37056
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...
CVE-2020-37056 Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...
PT-2026-5492
Name of the Vulnerable Software and Affected Versions Crystal Shard http-protection version 0.2.0 Description The software contains an IP spoofing issue that allows attackers to bypass protection middleware. This is achieved by manipulating request headers to hardcode consistent IP values across...
CVE-2026-23568
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked...
CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
Discourse code vulnerabilities
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. There were code vulnerabilities in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, a...
Bosch Infotainment ECU security vulnerabilities
The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU. This vulnerability arises from the anti-theft protection mechanism, which can be bypassed due to a weak response generation algorith...
CVE-2026-22031
CVE-2026-22031 affects the Fastify middleware plugin @fastify/middie (prior to 9.1.0). A vulnerability allows bypassing a middleware registered with a path prefix by using URL-encoded paths (e.g., /%61dmin). The middie engine uses path-to-regexp for matching; the regex is applied to the undecoded...
CVE-2025-15104 Nu Html Checker (validator.nu) - Restriction bypass vulnerability allowing local SSRF
Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...
CVE-2025-71127 wifi: mac80211: Discard Beacon frames to non-broadcast address
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 "The Address 1 field of the Beacon .. frame shall be set to the...
Linux Distros Unpatched Vulnerability : CVE-2025-71127
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to...
CVE-2023-29818
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin...