
27019 matches found

Cvelist
added 2026/03/13 8:48 p.m., 32 views

CVE-2026-32627 cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

CVSS 8.7, EPSS 0.00179
Exploits 1, References 1
ATTACKERKB
added 2026/03/13 8:36 p.m., 5 views

CVE-2026-3559

Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific...

CVSS 8.1, AI score 5.9, EPSS 0.00396
Exploits 0, References 2, Affected Software 1
NVD
added 2026/03/13 7:55 p.m., 5 views

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...

CVSS 6.3, EPSS 0.00102
Exploits 0, References 1
OSV
added 2026/03/13 7:54 p.m., 3 views

DEBIAN-CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in the Erlang OTP ssh ssh_transport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

CVSS 5.3, AI score 7.3, EPSS 0.00644
Exploits 0, References 1
Metasploit
added 2026/03/13 6:57 p.m., 239 views

FreePBX filestore authenticated command injection

This module exploits an authenticated command injection vulnerability (CVE-2025-64328) in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends (SSH, FTP, etc.) for backup and file management purposes. The vulnerability exists in the SSH...

CVSS 8.6, AI score 6.1, EPSS 0.84417
Exploits 4
CVE
added 2026/03/13 3:50 p.m., 11 views

CVE-2026-32745

JetBrains Datalore is affected prior to version 2026.1. The vulnerability arises from the missing Secure attribute on cookie settings, enabling session hijacking. No exploit details are provided in the documents. Affected product: JetBrains Datalore; root cause: cookie security attribute misconfi...

CVSS 6.3, AI score 5.8, EPSS 0.00102
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/03/13 3:50 p.m., 3 views

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...

CVSS 6.3, AI score 5.8, EPSS 0.00102
Exploits 0, References 1
The Hacker News
added 2026/03/13 1:38 p.m., 8 views

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on...

AI score 5.9
Exploits 0
ATTACKERKB
added 2026/03/13 9:11 a.m., 3 views

CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in the Erlang OTP ssh ssh_transport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

CVSS 6.9, AI score 5.8, EPSS 0.00644
Exploits 0, References 6, Affected Software 1
OSV
added 2026/03/13 9:11 a.m., 5 views

EEF-CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Summary: Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in the Erlang OTP ssh ssh_transport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads...

CVSS 6.9, AI score 7.2, EPSS 0.00644
Exploits 0, References 6
OSV
added 2026/03/13 9:11 a.m., 8 views

EEF-CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Summary: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Erlang OTP ssh_sftpd module allows Path Traversal. This vulnerability is associated with program file lib/ssh/src/ssh_sftpd.erl and program routine ssh_sftpd:is_within_root/2. The SFTP server uses...

CVSS 5.3, AI score 5.8, EPSS 0.00363
Exploits 0, References 6
ICS
added 2026/03/13 12:30 a.m., 7 views

ABB AWIN Gateways

SUMMARY: ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. AWIN gateways are not intended to be internet-facing. An attacker who successfully exploited this vulnerability could take...

AI score 5.8
Exploits 0, References 12
Positive Technologies
added 2026/03/13 12:00 a.m., 6 views

PT-2026-25323

CVE-2026-32745 In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings https://t.co/5G9cZc08Tr...

CVSS 6.3, AI score 5.8, EPSS 0.00102
Exploits 0, References 4
Positive Technologies
added 2026/03/13 12:00 a.m., 5 views

PT-2026-25165

Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 28.4.1; Erlang OTP versions 26.2.5.18 through 27.3.4.9. Description: An issue exists in the Erlang OTP ssh ssh_transport modules that allows for Denial of Service via Resource Depletion. The SSH transport layer, by...

CVSS 9.4, AI score 7.3, EPSS 0.00644
Exploits 0, References 56
Packet Storm News
added 2026/03/13 12:00 a.m., 2 views

Defensible Design for OpenClaw: Securing Autonomous Tool-Invoking Agents

OpenClaw-like agents offer substantial productivity benefits, yet they are insecure by default because they combine untrusted inputs, autonomous action, extensibility, and privileged system access within a single execution loop. We use OpenClaw as an exemplar of a broader class of agents that...

AI score 6
Exploits 0
Positive Technologies
added 2026/03/13 12:00 a.m., 8 views

PT-2026-25164

Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 28.4.1; Erlang OTP versions 26.2.5.18 through 27.3.4.9. Description: An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh_sftpd module...

CVSS 9.4, AI score 7.2, EPSS 0.00644
Exploits 0, References 55
CNNVD
added 2026/03/13 12:00 a.m., 9 views

Angular cross-site scripting vulnerability

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions of Angular prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20 have a cross-site scripting vulnerability. This...

CVSS 9, AI score 5.8, EPSS 0.00339
Exploits 0, References 5
Packet Storm
added 2026/03/13 12:00 a.m., 131 views

FreePBX Filestore Authenticated Command Injection

This Metasploit module exploits an authenticated command injection vulnerability in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends (SSH, FTP, etc.) for backup and file management purposes. The vulnerability exists in the SSH driver...

CVSS 8.6, AI score 5.9, EPSS 0.84417
Exploits 4
ATTACKERKB
added 2026/03/12 6:27 p.m., 14 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The use of sshpkt_disconnect on an error, which does not terminate the...

CVSS 6.9, AI score 6, EPSS 0.0218
Exploits 0, References 3
EUVD
added 2026/03/12 3:30 p.m., 4 views

EUVD-2026-11581

A vulnerability allowing a low-privileged user to extract saved SSH credentials...

CVSS 7.7, AI score 5.8, EPSS 0.00401
Exploits 0, References 2