Lucene search
K

17074 matches found

CVE
CVE
added 2026/06/23 12:13 p.m.11 views

CVE-2026-56762

Hono CVE-2026-56762 affects Hono before 4.12.12, where cookie-name validation is missing on the write path in setCookie(), serialize(), and serializeSigned(). This allows invalid characters (e.g., control chars like \r/\n) in user-controlled cookie names, producing malformed Set-Cookie header val...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38443

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 12:13 p.m.9 views

CVE-2026-56762 Hono - Missing Cookie Name Validation in setCookie()

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.37 views

CVE-2026-56762 Hono - Missing Cookie Name Validation in setCookie()

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS0.00247EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.18 views

Oracle E-Business Suite - Server-Side Request Forgery

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. id:...

7.5CVSS7.4AI score0.97582EPSS
Exploits6References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51516

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.12 Description The software fails to validate cookie names within the setCookie, serialize, and serializeSigned functions. When an application uses a user-controlled cookie name, invalid characters such as control...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51609

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description An incorrect check of a function return value within the ActivateFirmwareCmd::activate fw modules allows the bypass of the...

7.2CVSS5.8AI score0.00155EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.6 views

PT-2026-51651

Name of the Vulnerable Software and Affected Versions Hubbell Aclara Metrum affected versions not specified Description The Cellular Web Interface contains a flaw where missing authentication allows unauthenticated attackers to manipulate critical device settings and disrupt operations. This issu...

8.7CVSS5.8AI score0.00726EPSS
Exploits0References12
NVD
NVD
added 2026/06/22 6:16 p.m.10 views

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS0.00238EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/22 5:32 p.m.6 views

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS5.9AI score0.0243EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 5:29 p.m.4 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in IBM Semeru Runtime

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in IBM Semeru Runtime. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

7.5CVSS7.1AI score0.00702EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 5:21 p.m.8 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS5.9AI score0.0243EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 4:23 p.m.14 views

CVE-2026-54269

CVE-2026-54269 affects protobufjs. Prior to versions 8.6.0 and 7.6.3 , schema-derived names could collide with runtime helper properties (e.g., fields named hasOwnProperty, names like $type, and rpcCall). When loaded schemas are used, protobufjs could read schema-controlled data where an own-prop...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/06/22 4:23 p.m.30 views

CVE-2026-54269 protobufjs: Schema-derived names can shadow runtime-significant properties

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:23 p.m.4 views

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 4:22 p.m.3 views

Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Due to the use of IBM® Runtime Environment Java™, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to multiple vulnerabilities. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have updated the...

8.7CVSS7.5AI score0.00702EPSS
Exploits1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:30 p.m.3 views

CVE-2026-54267

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.8AI score0.00179EPSS
Exploits0References4Affected Software1
Wiz blog
Wiz blog
added 2026/06/22 1:21 p.m.26 views

Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows

Secure your Windows fleet without sacrificing performance. Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure...

5.5AI score
Exploits0
OSV
OSV
added 2026/06/22 12:0 p.m.5 views

MAL-2026-6311 Malicious code in @thymelab/logfx (npm)

@thymelab/logfx malicious version 2.15.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6.1AI score
Exploits0References6
NVD
NVD
added 2026/06/22 10:16 a.m.15 views

CVE-2023-45796

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability...

8.1CVSS0.00349EPSS
Exploits0References1
Rows per page
Query Builder