Lucene search
K

266 matches found

OSV
OSV
added 2026/04/20 5:46 a.m.6 views

SUSE-SU-2026:1461-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: - CVE-2025-11143: Fixed different parsing of invalid URIs bsc1259242...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References3
NVD
NVD
added 2026/04/09 10:16 p.m.10 views

CVE-2026-5263

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

7CVSS0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:0 p.m.3 views

CVE-2026-5414

A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers. The attack may be performed...

6.9CVSS5.7AI score0.00315EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/02 3:31 p.m.18 views

Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

7.3CVSS5.8AI score0.0044EPSS
Exploits0References10Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 12:37 p.m.3 views

CVE-2026-4636

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/30 5:0 a.m.4 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/29 6:31 a.m.3 views

EUVD-2026-16973

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References5
NVD
NVD
added 2026/03/29 5:15 a.m.5 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS0.00226EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/29 4:30 a.m.2 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.5 views

CVE-2026-31873

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

6.1CVSS6AI score0.00237EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.11 views

sbt 操作系统命令注入漏洞

SBT is an open-source build tool for Scala, Java, and other languages. Prior to SBT 1.12.7, there was a vulnerability related to operating system command injection. This vulnerability stemmed from unvalidated user-controlled URI fragments, which could allow arbitrary commands to be executed on...

7.8CVSS6AI score0.00304EPSS
Exploits1References5
Hacker One
Hacker One
added 2026/03/22 4:50 a.m.12 views

AWS VDP: Encryption context keys and values logged at INFO level

Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.12 views

Sylius 安全漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.4 views

CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS5.4AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/08 3:30 a.m.8 views

EUVD-2026-10201

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS6.7AI score0.00403EPSS
Exploits0References7
NVD
NVD
added 2026/03/08 1:15 a.m.7 views

CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS0.00403EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/08 12:32 a.m.36 views

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS0.00403EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.14 views

PT-2026-23894

Name of the Vulnerable Software and Affected Versions Shy2593666979 AgentChat versions prior to 2.3.1 Description A flaw exists in Shy2593666979 AgentChat related to improper control of resource identifiers. The issue resides within the get user info/update user info function located in the...

7.5CVSS6.9AI score0.00403EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/03/05 12:36 p.m.5 views

CVE-2025-11143

A flaw was found in org.eclipse.jetty. The Jetty URI parser handles invalid or unusual Uniform Resource Identifiers URIs differently compared to other common parsers. This discrepancy, known as differential parsing, can lead to security bypasses in systems that use multiple components to process...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References4
Redos
Redos
added 2026/02/05 12:0 a.m.6 views

ROS-20260205-73-0024

A vulnerability in the sendemptyflush function of the Linux kernel dm driver is related to improper control of resource identifiers. Exploitation of the vulnerability could allow an attacker to violate data integrity and also cause a denial of service...

5.5CVSS7.1AI score0.00149EPSS
Exploits0
Rows per page
Query Builder