Lucene search
K

1326 matches found

Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-55638 9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS0.00372EPSS
Exploits0References3
CVE
CVE
added 4 days ago18 views

CVE-2026-59731

Astro 6.4.7 contains an authorization bypass due to improper handling of partially decoded pathnames after the iterative URL decoder limit, with an additional decodeURI() during rewrite route matching that can lead to accessing a protected route. The issue affects 6.4.7 and is fixed in 6.4.8. The...

8.2CVSS6AI score0.00267EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-59731 Astro 6.4.7 Authorization Bypass via Decode Iteration Limit and Rewrite Path Canonicalization Mismatch

Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI operation and can resolve the request to a...

8.2CVSS0.00267EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: kernel update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS6.2AI score0.00129EPSS
Exploits2References4
NVD
NVD
added 4 days ago10 views

CVE-2026-13127

The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
OSV
OSV
added 6 days ago5 views

BIT-TOMCAT-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

7.3CVSS5.9AI score0.00413EPSS
Exploits0References3
NVD
NVD
added 6 days ago9 views

CVE-2025-15667

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...

4.8CVSS0.00112EPSS
Exploits0References8
EUVD
EUVD
added 6 days ago6 views

EUVD-2025-210429

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
Cvelist
Cvelist
added 6 days ago35 views

CVE-2025-15667 GPAC MP4Box avc_ext.c gf_isom_nalu_sample_rewrite double free

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...

4.8CVSS0.00112EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2025-15667

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
CVE
CVE
added 6 days ago14 views

CVE-2025-15667

GPAC MP4Box contains a vulnerability in gf_isom_nalu_sample_rewrite (src/isomedia/avc_ext.c) that can cause a double free. The issue affects GPAC up to 2.5-DEV and enables a local-attack where an attacker manipulates nalu_out_bs. Public exploit details exist. A patch named f29f955f2a3b5e8e507caad...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 6:9 p.m.2 views

SUSE-SU-2026:2724-1 Security update for python-python-dotenv

This update for python-python-dotenv fixes the following issue: - CVE-2026-28684: follow symbolic links when rewriting .env files bsc1262423...

6.6CVSS6AI score0.00236EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/30 3:1 a.m.11 views

CVE-2026-53404

A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent...

7.3CVSS6AI score0.00413EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 9:16 p.m.5 views

DEBIAN-CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 9:16 p.m.21 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS0.00413EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 8:39 p.m.87 views

CVE-2026-53404

Apache Tomcat vulnerability CVE-2026-53404 describes an Always-Incorrect Control Flow in the RewriteValve. If the first condition in an OR chain matches, subsequent non-OR conditions may be skipped, altering rule evaluation. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:39 p.m.5 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

5.7AI score0.00413EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/29 8:39 p.m.6 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS5.7AI score0.00413EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/29 8:39 p.m.49 views

CVE-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

0.00413EPSS
Exploits0References1
Rows per page
Query Builder