2147 matches found

EUVD
added 2 days ago, 4 views

EUVD-2026-41638

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

AI score 6, EPSS 0.00174
Exploits 0, References 3
EUVD
added 2 days ago, 3 views

EUVD-2026-41630

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

AI score 5.9, EPSS 0.00174
Exploits 0, References 4
CVE
added 2 days ago, 9 views

CVE-2026-26292

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests. Affected software: Gitea. Root cause: LFS-related operations bypass the migration HTTP transport protectio...

AI score 5.9, EPSS 0.00174
Exploits 0, References 4
NVD
added 4 days ago, 9 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

CVSS 4.4, EPSS 0.00278
Exploits 0, References 1
EUVD
added 4 days ago, 6 views

EUVD-2026-41098

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

CVSS 4.4, AI score 5.8, EPSS 0.00278
Exploits 0, References 1
Positive Technologies
added 4 days ago, 6 views

PT-2026-54782

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 2.0.1; HashiCorp Vault Enterprise versions prior to 2.0.1. Description: Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized...

CVSS 4.4, AI score 5.8, EPSS 0.00278
Exploits 0, References 5
RedHat Linux
added 5 days ago, 6 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

CVSS 8.1, AI score 6.4, EPSS 0.01131
Exploits 0, References 5
Positive Technologies
added 5 days ago, 7 views

PT-2026-53955

Name of the Vulnerable Software and Affected Versions: IBM Langflow OSS versions 1.0.0 through 1.9.3. Description: The API Request component contains a Server-Side Request Forgery (SSRF) protection bypass. An authenticated attacker with flow author privileges can bypass security controls by enabling t...

CVSS 8.5, AI score 5.9, EPSS 0.00185
Exploits 0, References 4
ATTACKERKB
added 2026/06/26 4:04 p.m., 8 views

CVE-2026-56663

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

CVSS 8.5, AI score 5.8, EPSS 0.00224
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2026/06/25 8:16 a.m., 9 views

CVE-2026-53099

A flaw was found in the Linux kernel. The issue arises from an incorrect configuration option for Control-Flow Integrity (CFI), a security mechanism designed to prevent certain types of attacks. Due to a naming change, the CFI code was not properly compiled, leading to its intended protections not...

AI score 5.9, EPSS 0.00156
Exploits 0, References 4
Cvelist
added 2026/06/25 4:34 a.m., 29 views

CVE-2026-5952 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...

CVSS 4.3, EPSS 0.00195
Exploits 0, References 3
RedhatCVE
added 2026/06/23 1:28 p.m., 9 views

CVE-2026-53663

A flaw was found in React Router. Insufficient Cross-Site Request Forgery (CSRF) checks in the framework mode allow a remote attacker to bypass these protections on PUT, PATCH, and DELETE requests. This could lead to a low integrity impact, where an attacker might be able to perform unintended...

CVSS 3.1, AI score 5.8, EPSS 0.00106
Exploits 0, References 4
AstraLinux
added 2026/06/19 11:10 a.m., 1 view

Astra Linux – Vulnerability in PostgreSQL 11

A flaw was discovered in PostgreSQL. There is an issue where insufficient efforts are made to ensure safe operation when a privileged user is managing objects of another user. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activate relevant...

CVSS 8.8, AI score 7.2, EPSS 0.12403
Exploits 0, References 2
NVD
added 2026/06/17 5:16 p.m., 12 views

CVE-2025-71323

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbo...

CVSS 9.8, EPSS 0.00757
Exploits 0, References 2
NVD
added 2026/06/17 1:19 p.m., 9 views

CVE-2025-15642

Netskope has been notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with admin privileges can bypass the NSClient Tamper Protections due to weak Discretionary Access Control Lists (DACLs) on the service object and related registry keys. Produc...

CVSS 6.8, EPSS 0.00143
Exploits 0, References 1
RedHat Linux
added 2026/06/16 1:37 p.m., 6 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

CVSS 8.1, AI score 6.2, EPSS 0.01131
Exploits 0, References 5
OSV
added 2026/06/15 8:06 p.m., 3 views

GHSA-84G9-W2XQ-VCV6 React Router: Potential CSRF via PUT/PATCH/DELETE document requests

Certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections (CORS preflight, SameSite cookies) already block the cross-origin attack vectors...

CVSS 3.1, AI score 5.4, EPSS 0.00106
Exploits 0, References 2
NVD
added 2026/06/12 7:16 p.m., 17 views

CVE-2026-28742

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

CVSS 9.8, EPSS 0.0033
Exploits 0, References 2
Vulnrichment
added 2026/06/12 6:03 p.m., 10 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

CVSS 9.8, AI score 5.5, EPSS 0.0033
Exploits 0, References 2
CVE
added 2026/06/12 6:03 p.m., 22 views

CVE-2026-28742

CVE-2026-28742 relates to Naxclow IoT Platform devices using a uniform, hard-coded platform-wide salt for request signing embedded in firmware. The lack of per-device keys, server-side nonce tracking, or replay protections allows recovered salts to enable valid signatures for arbitrary device or ...

CVSS 9.8, AI score 5.4, EPSS 0.0033
Exploits 0, References 2