Lucene search
+L

150 matches found

Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.4 views

Benchmarking Large Language Models for Zero-Shot and Few-Shot Phishing URL Detection

The Uniform Resource Locator URL, introduced in a connectivity-first era to define access and locate resources, remains historically limited, lacking future-proof mechanisms for security, trust, or resilience against fraud and abuse, despite the introduction of reactive protections like HTTPS...

5.6AI score
Exploits0
CVE
CVE
added 2026/01/19 7:42 p.m.18 views

CVE-2026-23846

CVE-2026-23846 — Tugtainer password exposure : Tugtainer (self-hosted Docker updater) before version 1.16.1 transmits passwords via URL query parameters instead of the HTTP request body. This enables passwords to be logged in server access logs and potentially exposed through browser history, Ref...

9.1CVSS5.5AI score0.00403EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/01/15 9:16 p.m.23 views

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS0.00343EPSS
Exploits1References2
OSV
OSV
added 2026/01/10 4:16 a.m.5 views

UBUNTU-CVE-2026-22610

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting XSS vulnerability has been identified in the Angular Template Compiler. The...

8.5CVSS6.4AI score0.00444EPSS
Exploits1References6
OSV
OSV
added 2025/12/24 8:15 p.m.3 views

CVE-2019-25251

Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...

6.5CVSS5.9AI score0.00301EPSS
Exploits2References3
Veracode
Veracode
added 2025/11/03 8:21 a.m.10 views

Path Traversal

esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-supplied URL components allowing path-traversal and file-scheme requests by which an attacker can craft specially-formed requests that cause the server to read and return arbitrary local files or oth...

8.7CVSS8.8AI score0.01527EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.6 views

Clear2Pay Bank Visibility Application - Payment Execution 安全漏洞

Clear2Pay Bank Visibility Application - Payment Execution is a financial software component from Clear2Pay Belgium. A security vulnerability exists in Clear2Pay Bank Visibility Application - Payment Execution version 1.10.0.104, which originates from an unvalidated ID parameter in the URL and cou...

5.4CVSS6.1AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25175

Malicious code in bioql PyPI...

8.2CVSS6.6AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25693

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00584EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25229

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.0021EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/15 1:16 a.m.3 views

requests: Requests vulnerable to .netrc credentials leak via malicious URLs

A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue...

5.3CVSS6.6AI score0.00845EPSS
Exploits1References14
Microsoft CVE
Microsoft CVE
added 2025/09/03 9:40 p.m.7 views

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

...

7.5CVSS7AI score0.02029EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/09/03 5:17 a.m.4 views

CVE-2023-21481

Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information...

5.4CVSS6.2AI score0.00274EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-15693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part o...

6.5CVSS6.6AI score0.02048EPSS
Exploits1References2
Veracode
Veracode
added 2025/08/21 7:38 a.m.4 views

Improper Input Validation

github.com/grafana/grafana-infinity-datasource is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of allowed URL restrictions, which allows an attacker to bypass configured URL checks using a specially crafted URL...

5CVSS6.9AI score0.0029EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/08/20 11:42 a.m.7 views

Improper Input Validation

org.apache.zeppelin, zeppelin-jdbc is vulnerable to Improper Input Validation. The vulnerability is due to incomplete JDBC URL validation that failed to handle URL encoded input, which allows an attacker to bypass validation checks and potentially exploit database connections...

7.5CVSS7.1AI score0.00921EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/20 4:23 a.m.3 views

CVE-2025-55706

URL redirection to untrusted site 'Open Redirect' issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL...

5.1CVSS7.2AI score0.0019EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-33980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolatio...

9.8CVSS7.5AI score0.42646EPSS
Exploits3References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.5 views

CVE-2025-54145

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS 141...

9.1CVSS6.7AI score0.00367EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/19 1:12 p.m.9 views

CVE-2025-4044 XML External Entity Injection vulnerability in various Lexmark Universal Drivers

Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL...

8.2CVSS6.7AI score0.00139EPSS
Exploits0References1
Rows per page
Query Builder