Lucene search
K

8 matches found

Snyk
Snyk
added 6 days ago6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the handling of the forwarded-proto header when generating public URLs. An attacker can cause the application to generate spoofed canonical URLs by injecting or manipulating the forwarded-proto header value...

7.5CVSS6AI score0.00431EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.11 views

SUSE CVE-2026-44249

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

8.1CVSS5.3AI score0.00552EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 10:16 p.m.6 views

UBUNTU-CVE-2026-44249

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

8.1CVSS5.3AI score0.00552EPSS
Exploits0References5
CVE
CVE
added 2026/04/17 4:2 p.m.32 views

CVE-2026-40516

Technical details about CVE-2026-40516 are not publicly available in the provided Connected documents; the description exists but without explicit vendor/product/versions in this set. Monitor for updates.

8.3CVSS5.8AI score0.0018EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/11 4:25 p.m.6 views

CVE-2025-8866

YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records...

5.1CVSS7.3AI score0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/21 12:0 a.m.5 views

PT-2024-39308 · Amazon +1 · Aws Alb Route Directive Adapter For Istio +1

Name of the Vulnerable Software and Affected Versions: AWS ALB Route Directive Adapter For Istio affected versions not specified Description: The issue concerns a lack of proper signer and issuer validation in the JWT authentication mechanism used by the AWS ALB Route Directive Adapter For Istio...

9.9CVSS6.5AI score0.97781EPSS
Exploits21References136
BDU FSTEC
BDU FSTEC
added 2023/12/15 12:0 a.m.9 views

The vulnerability of the FortiOS operating systems and the FortiProxy proxy server, related to vulnerabilities in access control, allows attackers to bypass security restrictions.

The vulnerabilities of the FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks are related to deficiencies in access control. Exploiting these vulnerabilities allows a malicious actor to circumvent security restrictions by synchronizing publicly...

3.1CVSS5.9AI score0.00567EPSS
Exploits0References4Affected Software2
CNVD
CNVD
added 2017/07/10 12:0 a.m.5 views

HUMAX WiFi Router HG-100R DNS Hijacking Vulnerability

The HG-100R is a router. A DNS hijacking vulnerability exists in the HUMAX WiFi Router HG-100R. The vulnerability is caused by first constructing a special request to bypass the authentication of the management console. The vulnerability is due to the router failing to validate the session token...

6.8AI score
Exploits0References1
Rows per page
Query Builder