Lucene search
+L

6527 matches found

Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.6 views

Modeling Sparse and Bursty Vulnerability Sightings: Forecasting under Data Constraints

Understanding and anticipating vulnerability-related activity is a major challenge in cyber threat intelligence. This work investigates whether vulnerability sightings, such as proof-of-concept releases, detection templates, or online discussions, can be forecast over time. Building on our earlie...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/16 11:45 p.m.3 views

BIT-OAUTH2-PROXY-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS5.7AI score0.00183EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/16 9:8 p.m.8 views

EUVD-2026-23110

sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements...

6.1CVSS5.8AI score0.00235EPSS
Exploits1References3
NVD
NVD
added 2026/04/15 9:17 p.m.6 views

CVE-2026-40186

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...

6.1CVSS0.00235EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:15 p.m.4 views

CVE-2026-40186

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...

6.1CVSS6AI score0.00235EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/15 7:24 p.m.12 views

Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header

Summary A validation bypass vulnerability exists in Fastify v5.x where request body validation schemas specified via schema.body.content can be completely circumvented by prepending a single space character \x20 to the Content-Type header. The body is still parsed correctly as JSON or any other...

7.5CVSS7AI score0.0077EPSS
Exploits1References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:14 a.m.9 views

CVE-2026-33806

Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...

7.5CVSS7.1AI score0.00686EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33174

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 sanitize-html version 2.17.1 Description A regression in the sanitize-html package allows a bypass of allowedTags enforcement for text within nonTextTagsArray elements, specifically textarea and option. T...

6.1CVSS5.8AI score0.00235EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/14 11:34 p.m.8 views

Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action

Summary The actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no equivalent authorization check for removals, so submitting an empty groups...

5.3CVSS6AI score0.00248EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/14 11:16 p.m.4 views

CVE-2026-34454

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS0.00183EPSS
Exploits0References2
OSV
OSV
added 2026/04/14 10:10 p.m.2 views

CVE-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS5.9AI score0.00183EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/14 10:10 p.m.21 views

CVE-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32954

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions 7.11.0 through 7.15.1 Description A regression prevents the reverse proxy from clearing the session cookie when rendering the sign-in page. In deployments relying on the sign-in page for the logout flow, the browser sessi...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References9
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.8 views

AnyPoC: Universal Proof-Of-Concept Test Generation for Scalable LLM-Based Bug Detection

While recent LLM-based agents can identify many candidate bugs in source code, their reports remain static hypotheses that require manual validation, limiting the practicality of automated bug detection. We frame this challenge as a test generation task: given a candidate report, synthesizing an...

6AI score
Exploits0
OSV
OSV
added 2026/04/09 5:34 p.m.6 views

GHSA-68X5-XX89-W9MM OpenClaw: resolvedAuth closure becomes stale after config reload

Impact resolvedAuth closure becomes stale after config reload. After a config reload, newly accepted gateway connections could continue using stale resolved auth state. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...

5.1CVSS5.8AI score0.00215EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.4 views

ruby: Properly initialize the random number generator when forking new process

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...

5CVSS7AI score0.02582EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 12:7 a.m.16 views

skilleton has improper input handling in repository/path processing

Summary skilleton versions prior to 0.3.1 include security-related weaknesses in repository normalization and path handling logic. Version 0.3.1 contains fixes and additional test coverage for these issues. Affected Versions =0.3.1 Impact In affected versions, crafted input could trigger unsafe o...

5.9AI score
Exploits0References4Affected Software1
Oracle linux
Oracle linux
added 2026/04/08 12:0 a.m.10 views

nginx:1.24 security update

1.24.0-5.2.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-5.2 - Resolves: RHEL-157886 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159445...

8.8CVSS6.1AI score0.21621EPSS
Exploits0
Mageia
Mageia
added 2026/04/07 9:50 p.m.8 views

Updated roundcubemail packages fix security vulnerability

SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...

8.2CVSS5.9AI score0.00329EPSS
Exploits0References2
Debian
Debian
added 2026/04/06 9:19 p.m.7 views

[SECURITY] [DSA 6197-2] dovecot regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-6197-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 06, 2026 https://www.debian.org/security/faq -...

7.5CVSS5.8AI score0.00703EPSS
Exploits1
Rows per page
Query Builder