48561 matches found

Github Security Blog
added 2026/06/19 3:0 p.m. | 8 views

Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind

Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...

6.1 AI score
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/06/19 2:37 p.m. | 8 views

guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

5.8 CVSS | 5.9 AI score | 0.00111 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/06/19 2:37 p.m. | 25 views

GHSA-CWXW-98QJ-8QJX guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

5.8 CVSS | 5.9 AI score | 0.00111 EPSS
Exploits: 0 | References: 2
NVD
added 2026/06/19 2:16 p.m. | 13 views

CVE-2026-48895

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade t...

7.2 CVSS | 0.00409 EPSS
Exploits: 0 | References: 2
OSV
added 2026/06/19 1:58 p.m. | 5 views

GHSA-C73Q-8XXR-RGQM Tilt: Missing authentication on the network-exposed Tilt HUD server

Summary The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state...

9.2 CVSS | 6 AI score
Exploits: 0 | References: 4
CVE
added 2026/06/19 1:18 p.m. | 22 views

CVE-2026-49871

CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...

9.3 CVSS | 5.9 AI score | 0.00261 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/06/19 1:18 p.m. | 33 views

CVE-2026-49871 Apache APISIX: cas-auth login CSRF / session injection issue

Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker who manages to send a victim to a webpage they control to cause the victim's browser to become authenticated as a different identity. Actions the victim...

2.1 CVSS | 0.00261 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/19 1:17 p.m. | 10 views

CVE-2026-47341

CVE-2026-47341 describes an authentication bypass in Apache APISIX due to a capture-replay flaw in the hmac-auth configuration. The issue allows an attacker to reuse a token indefinitely, bypassing expiry, with affected versions 3.11.0 through 3.16.0. The advisory recommends upgrading to 3.17.0, ...

6.5 CVSS | 5.8 AI score | 0.0043 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/06/19 1:16 p.m. | 30 views

CVE-2026-48895 Apache APISIX: Cas-auth Host header influence on CAS service URL

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade t...

2.1 CVSS | 0.00409 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/19 1:16 p.m. | 11 views

CVE-2026-48895

CVE-2026-48895 describes an open redirect in Apache APISIX (affected versions 3.0.0–3.16.0). The issue allows manipulation of certain client headers to redirect to an untrusted site, with potential exposure of session tokens. The advisory recommends upgrading to version 3.17.0, which contains the...

7.2 CVSS | 5.8 AI score | 0.00409 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/06/19 1:16 p.m. | 7 views

EUVD-2026-38023

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade t...

2.1 CVSS | 5.8 AI score | 0.00409 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/19 1:10 p.m. | 10 views

CVE-2026-47339

CVE-2026-47339 affects Apache APISIX (authz-casdoor plugin). Under default configuration, it allows an attacker to authenticate using credentials from a different source, indicating an incorrect authorization vulnerability across versions 2.14.1 through 3.16.0. The risk is described as high (per ...

8.1 CVSS | 5.9 AI score | 0.00285 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/06/19 1:10 p.m. | 31 views

CVE-2026-47339 Apache APISIX: authz-casdoor incorrect session sharing

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

5.3 CVSS | 0.00285 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m. | 9 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The issue related to “slab-use-after-free” in smb3_preauth_hash_rsp has been fixed. The function ksmbd_user_session_put should be called under smb3_preauth_hash_rsp. This will prevent freeing a session before calling...

7.8 CVSS | 6.7 AI score | 0.00243 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A use-after-free vulnerability was discovered in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c within the SCSI sub-component of the Linux kernel. This flaw allows an attacker to access internal kernel information...

5.5 CVSS | 6.7 AI score | 0.00249 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a use-after-free issue in multi-channel connections. There is a race condition between the session setup process and the ksmbd_sessions_deregister function. The session can be freed before the connection is added to...

8.8 CVSS | 6.3 AI score | 0.00571 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Firefox, Thunderbird

A use-after-free might have occurred when an HTTP2 session object was released on a different thread, resulting in memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...

8.8 CVSS | 8.1 AI score | 0.0111 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the race condition issue caused by session lookup and expiration. The session reference count was incremented within the lock during the lookup operation, thereby avoiding the race condition related to session...

8.1 CVSS | 6.2 AI score | 0.00449 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fix double-free of TCP_Server_Info::hostname. When shutting down the server in cifs_put_tcp_session, the cifsd thread might reconnect to multiple DFS targets before realizing that it should exit the loop. As a result,...

5.5 CVSS | 6.4 AI score | 0.002 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate. The statement “j1939_session_deactivate should be called with a session ref-count of at least 2” is incorrect. In some concurrent scenarios, j1939_session_deactivate can be...

5.5 CVSS | 6.2 AI score | 0.00226 EPSS
Exploits: 0 | References: 2