
RedhatCVE, added 4 days ago, 7 views

CVE-2026-53433

A flaw was found in fzf, a command-line fuzzy finder. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending a crafted POST request with many small segments to the --listen mode. The inefficient HTTP body processing, which uses repeated string concatenation, leads...

CVSS 7.5, AI score 5.8, EPSS 0.00215; Exploits: 0, References: 6
ATTACKERKB, added 4 days ago, 4 views

CVE-2026-35096

KTM System e-BOK is vulnerable to Cross-Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

CVSS 5.1, AI score 5.8, EPSS 0.00157; Exploits: 0, References: 3
OSV, added 4 days ago, 5 views

UBUNTU-CVE-2026-53433

fzf is vulnerable to a Denial of Service (DoS) in the --listen mode due to inefficient HTTP body processing that uses repeated string concatenation, resulting in quadratic time complexity, O(n²). A crafted POST request with many small segments can trigger excessive...

CVSS 7.5, AI score 5.7, EPSS 0.00243; Exploits: 0, References: 5
EUVD, added 4 days ago, 6 views

EUVD-2026-40320

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

CVSS 8.7, AI score 5.8, EPSS 0.0044; Exploits: 0, References: 1
NVD, added 4 days ago, 9 views

CVE-2026-12349

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...

CVSS 5.3, EPSS 0.00239; Exploits: 0, References: 6
EUVD, added 4 days ago, 6 views

EUVD-2026-40250

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...

CVSS 4.3, AI score 5.6, EPSS 0.00102; Exploits: 0, References: 2
RedHat Linux, added 4 days ago, 6 views

undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

CVSS 7.5, AI score 5.7, EPSS 0.0217; Exploits: 1, References: 8
Tenable Nessus, added 4 days ago, 6 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1907)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1907 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD reques...

CVSS 9.8, AI score 5.9, EPSS 0.00701; Exploits: 0, References: 4
Positive Technologies, added 4 days ago, 6 views

PT-2026-53868

Name of the Vulnerable Software and Affected Versions: NetScaler ADC (affected versions not specified); NetScaler Gateway (affected versions not specified). Description: A denial of service issue exists when HTTP/2 is enabled in the HTTP Profile and associated with a virtual server of type LB, CS, or VPN...

CVSS 8.7, AI score 5.8, EPSS 0.0044; Exploits: 0, References: 7
Tenable Nessus, added 4 days ago, 7 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3494 (ALAS-2026-3494)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3494 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until...

CVSS 9.8, AI score 5.9, EPSS 0.00701; Exploits: 0, References: 4
Positive Technologies, added 4 days ago, 6 views

PT-2026-54038

Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.2. Description: Capgo lacks an UPDATE row-level security policy for the build requests table. This missing policy prevents API-key and anonymous access from persisting builder status updates. An attacker can exploi...

CVSS 5.3, AI score 5.8, EPSS 0.00192; Exploits: 0, References: 4
NVD, added 5 days ago, 9 views

CVE-2026-13762

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was...

CVSS 9.8, EPSS 0.00438; Exploits: 0, References: 1
NVD, added 5 days ago, 8 views

CVE-2026-57957

Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with...

CVSS 4.7, EPSS 0.0025; Exploits: 0, References: 3
NVD, added 5 days ago, 7 views

CVE-2026-11720

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...

CVSS 9.3, EPSS 0.00374; Exploits: 0, References: 1
CVE, added 5 days ago, 11 views

CVE-2026-57957

Summary (CVE-2026-57957): Papermark up to version 0.22.0 has a CORS misconfiguration in the TUS-based viewer upload endpoint. This flaw reflects arbitrary request Origins with Access-Control-Allow-Credentials set to true, enabling unauthenticated remote attackers to perform credentialed cross-ori...

CVSS 4.7, AI score 6, EPSS 0.0025; Exploits: 0, References: 3
EUVD, added 5 days ago, 7 views

EUVD-2026-40142

Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with...

CVSS 4.7, AI score 6, EPSS 0.0025; Exploits: 0, References: 3
EUVD, added 5 days ago, 5 views

EUVD-2026-40164

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...

CVSS 8.5, AI score 5.8, EPSS 0.00239; Exploits: 0, References: 2
NVD, added 5 days ago, 9 views

CVE-2026-13751

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

CVSS 9.6, EPSS 0.00118; Exploits: 0, References: 1
OSV, added 5 days ago, 5 views

PYSEC-2026-418 MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

CVSS 9.6, AI score 7.7, EPSS 0.00371; Exploits: 1, References: 6
OSV, added 5 days ago, 5 views

PYSEC-2026-414 misp-modules website - Missing CSRF protection in the website home blueprint

A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...

CVSS 9.3, AI score 5.8, EPSS 0.00185; Exploits: 0, References: 6