Lucene search
K

406 matches found

NVD
NVD
added 2026/06/01 10:16 p.m.16 views

CVE-2025-22426

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/31 4:0 a.m.11 views

CVE-2026-10168 OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource injection

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

6.5CVSS6.3AI score0.00243EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 5:16 p.m.18 views

CVE-2026-44353

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

6.5CVSS0.00345EPSS
Exploits1References1
NVD
NVD
added 2026/05/26 10:16 p.m.20 views

CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS0.00354EPSS
Exploits0References14
CVE
CVE
added 2026/05/26 9:29 p.m.41 views

CVE-2026-42012

CVE-2026-42012 affects the GnuTLS library. A remote attacker can craft a certificate with URI or SRV SANs that causes the validator to fall back to CN checks, bypassing proper SAN validation and enabling potential impersonation/MITM. Documented in multiple advisories and patches across distros: o...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/05/26 9:29 p.m.13 views

CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References13
EUVD
EUVD
added 2026/05/26 9:29 p.m.10 views

EUVD-2026-32010

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:29 p.m.11 views

CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References15
EUVD
EUVD
added 2026/05/26 5:24 p.m.18 views

EUVD-2026-31933

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

4.3CVSS5.8AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 11:9 a.m.16 views

CVE-2026-48700

A flaw was found in PCManFM-Qt. This vulnerability allows an attacker to achieve arbitrary code execution or bypass network security restrictions. This occurs when a specially crafted file path, provided as a Uniform Resource Identifier URI in a D-Bus method call, causes PCManFM-Qt to open the fi...

9.3CVSS6.2AI score0.00181EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/26 7:4 a.m.15 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/26 1:52 a.m.21 views

SUSE CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

9.3CVSS6.2AI score0.00181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 6:43 p.m.9 views

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

9.3CVSS6.2AI score0.00181EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/21 4:30 p.m.12 views

RLSA-2025:23479 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

5.3CVSS6.8AI score0.00211EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2026/05/20 11:23 a.m.8 views

keycloak: Keycloak: Unauthorized resource access and data modification via Insecure Direct Object Reference

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...

6.8CVSS5.7AI score0.00303EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

Before version 2.8.2, HAProxy allowed to be part of the URI component. This could allow remote attackers to obtain sensitive information or cause unspecified other issues due to misinterpretation of the pathend rule, such as routing index.html.png to a static server...

8.2CVSS6.8AI score0.01526EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in HAPProxy

A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue does not ensure that the scheme and path portions of a URI contain the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the...

7.5CVSS7.1AI score0.02319EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 7:16 p.m.7 views

UBUNTU-CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/05/19 7:16 p.m.9 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/05/19 5:44 p.m.10 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1
Rows per page
Query Builder