Lucene search
K

410 matches found

CVE
CVE
added 2026/07/07 4:18 p.m.15 views

CVE-2025-12799

CVE-2025-12799 affects Jastow and is described as a Cross-Site Scripting (XSS) vulnerability that arises when a configuration allows unescaped characters in URLs with embedded Undertow and Jastow, indicating improper input handling. The CVSS 3.1 base vector shows a Network attack vector, high aut...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/07 3:12 a.m.30 views

CVE-2026-34044 Coolify: Cross-team IDOR in logs component (resource lookup not team-scoped)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS0.00244EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.11 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.7 (RHSA-2026:36342)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:36342 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Ha...

6.5CVSS6AI score0.00246EPSS
Exploits0References20
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.9 views

CVE-2026-7840 UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE)

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wisenderr and wireplyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...

9.8CVSS6.6AI score0.01439EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54484

Name of the Vulnerable Software and Affected Versions UltraVNC repeater versions prior to 1.8.2.3 Description An integer overflow exists in the HTTP request logging path. The win log function allocates list nodes using a calculation based on the length of the HTTP request URI. If the URI length i...

5.3CVSS6.4AI score0.01057EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/29 3:13 p.m.6 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 10:17 a.m.8 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.7 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 3:45 p.m.4 views

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 6:37 p.m.8 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-54019

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

6.5CVSS0.00281EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.9 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.3AI score0.00354EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 1:45 a.m.13 views

EUVD-2026-36681

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

5.3CVSS5AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49167

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...

5.3CVSS5.1AI score0.00226EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/11 1:4 p.m.21 views

guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/09 4:29 p.m.11 views

USN-8409-1 uriparser vulnerability

It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly use this issue to cause uriparser to crash, resulting in a denial of service...

2.9CVSS5.5AI score0.00122EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.9 views

cve-2026-41714 - MEDIUM - In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager`

cve-2026-41714 - MEDIUM - In Spring AMQP the RabbitConnectionFactoryBean.setUri"amqps://..." bypasses secure SSL setup, uses TrustEverythingTrustManager...

4CVSS6.1AI score0.00132EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-33637

A flaw was found in Faraday, an HTTP client library. This vulnerability allows a remote attacker to perform off-host request forgery by exploiting a protocol-relative host override when a request target is passed as a URI object. This can redirect a request from a fixed-base Faraday connection to...

6.5CVSS5.9AI score0.00272EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/04 11:58 a.m.13 views

CVE-2026-44353

A flaw was found in Streamlink. Its HLS HTTP Live Streaming and DASH Dynamic Adaptive Streaming over HTTP parsers do not properly validate the URI Uniform Resource Identifier scheme of segment entries. A remote attacker could craft a malicious HLS playlist or DASH manifest to include local file...

6.5CVSS5.8AI score0.00345EPSS
Exploits1References2
NVD
NVD
added 2026/06/02 9:16 p.m.13 views

CVE-2026-10624

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS0.00242EPSS
Exploits0References6
Rows per page
Query Builder