Lucene search
+L

20208 matches found

cve
cve
added yesterday3 views

CVE-2026-62299

CoreDNS (rewrite plugin, edns0.go) prior to version 1.14.5 could panic when a downstream plugin returns a response with no OPT record. The code path in edns0.go dereferenced a DNS OPT without a nil check, triggered by a query matching a rewrite edns0 rule (local/nsid/subnet with set/append/replac...

5.3CVSS6.1AI score
Exploits0References4
euvd
euvd
added yesterday6 views

EUVD-2026-44921

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to...

5.5CVSS6.1AI score
Exploits0References1
cve
cve
added yesterday8 views

CVE-2026-56453

CVE-2026-56453 affects HCL DFXAnalytics and describes an account takeover via response manipulation. A remote attacker can intercept and alter server HTTP responses before they reach the client, enabling manipulation of authentication/authorization logic to bypass controls and gain unauthorized a...

5.5CVSS6.1AI score
Exploits0References1
cve
cve
added yesterday11 views

CVE-2026-35149

CVE-2026-35149 involves HCL DFXServer and describes an authentication bypass caused by server response manipulation. The vulnerability allows an unauthenticated attacker to gain access by intercepting and altering authentication responses, effectively bypassing verification. Reported CVSS-3.1 met...

8.2CVSS6.1AI score
Exploits0References1
nuclei
nuclei
added yesterday71 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

6.1CVSS6.4AI score0.03241EPSS
Exploits3References5
nuclei
nuclei
added yesterday58 views

Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

6.1CVSS6.4AI score0.01146EPSS
Exploits1References2
nuclei
nuclei
added yesterday118 views

CData API Server < 23.4.8844 - Path Traversal

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...

9.8CVSS7.1AI score0.08151EPSS
Exploits1References5
nuclei
nuclei
added yesterday258 views

SuiteCRM - SQL Injection

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. id: CVE-2024-36412 info: name: SuiteC...

10CVSS7.1AI score0.05692EPSS
Exploits1References2
nuclei
nuclei
added yesterday69 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

6.9CVSS6.1AI score0.00635EPSS
Exploits1References2
redhat
redhat
added yesterday4 views

kernel: smb: client: fix OOB reads parsing symlink error response

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

8.1CVSS6.7AI score0.00378EPSS
Exploits0References5
cvelist
cvelist
added yesterday22 views

CVE-2026-15013 SAML Single Sign On <= 5.4.3 - Unauthenticated Authentication Bypass via 'SAMLResponse' Parameter Signature Algorithm Confusion

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS0.00304EPSS
Exploits0References7
ptsecurity
ptsecurity
added yesterday9 views

PT-2026-60459

Name of the Vulnerable Software and Affected Versions ubuntu-pro-client affected versions not specified Description An input validation and injection issue exists where the client constructs APT source files using data from the contract server response via the directives.suites and...

9CVSS6.5AI score
Exploits0References5
euvd
euvd
added 2 days ago5 views

EUVD-2026-44684

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.1AI score0.00387EPSS
Exploits0References1
osv
osv
added 2 days ago5 views

RLSA-2026:39266 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME...

7.5CVSS7AI score0.00813EPSS
Exploits0References2
redhat
redhat
added 2 days ago6 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.9AI score0.00228EPSS
Exploits0References7
euvd
euvd
added 2 days ago4 views

EUVD-2026-44639

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...

8.5CVSS6.1AI score0.00205EPSS
Exploits0References2
redhatcve
redhatcve
added 2 days ago7 views

CVE-2026-10846

A flaw was found in ldns. When applications use ldns as a resolver over User Datagram Protocol UDP, it fails to properly match the query's destination address and port with the response's source address and port. Additionally, the query ID and question are not matched with the response. This...

8.2CVSS6.1AI score0.00147EPSS
Exploits0References4
euvd
euvd
added 2 days ago3 views

EUVD-2026-44531

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service...

3.1CVSS6.1AI score0.00153EPSS
Exploits0References2
nvd
nvd
added 3 days ago4 views

CVE-2026-21840

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service...

3.1CVSS0.00153EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago33 views

CVE-2026-21840 HCL BigFix Platform is affected by a user enumeration vulnerability

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service...

3.1CVSS0.00153EPSS
Exploits0References1
Rows per page
Query Builder