Lucene search
+L

9812 matches found

Nuclei
Nuclei
added 8 hours ago9 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS5.2AI score0.34734EPSS
Exploits1References2
OSV
OSV
added yesterday5 views

ROOT-OS-UBUNTU-2404-CVE-2022-49940 CVE-2022-49940 in rootio-linux - Patched by Root

Root has patched CVE-2022-49940 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS7.6AI score0.0019EPSS
Exploits0
NVD
NVD
added 3 days ago6 views

CVE-2026-48795

AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user.proto.polluted and constructor.prototype still caused lodash .set via @poppinss/utils to create...

8.6CVSS0.0054EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-48795 Incomplete fix for CVE-2026-25754 in @adonisjs/bodyparser

AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user.proto.polluted and constructor.prototype still caused lodash .set via @poppinss/utils to create...

8.6CVSS0.0054EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

UBUNTU-CVE-2026-42618

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsdecompress in compress.c that allows an attacker to corrupt one byte of heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by reading the special crafted file...

6.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 3 days ago6 views

undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintend...

3.7CVSS6.9AI score0.00248EPSS
Exploits0References6
CVE
CVE
added 4 days ago8 views

CVE-2026-15694

The CVE covers Tenda BE12 Pro (v16.03.66.23). A stack-based overflow exists in the SetIpBind function (fromSetIpBind) when processing the argument page of /goform/SetIpBind. This vulnerability can be triggered remotely, and public exploits are reported. The impact is consistent with a high-severi...

9CVSS7.5AI score0.00796EPSS
Exploits0References6
CVE
CVE
added 4 days ago12 views

CVE-2026-15076

Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43637

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS0.00157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References2Affected Software1
OSV
OSV
added 4 days ago3 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References4
NVD
NVD
added 4 days ago12 views

CVE-2026-44770

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-43553

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43594

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS6.1AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-44770 Missing Authorization check in SAP S/4 HANA (Create Single Payment)

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS0.00168EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 4 days ago2 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:21313-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21313-1 advisory. Changes in python-Django: - CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response bsc1271029 - CVE-2026-53877: Heap...

6.3CVSS6.8AI score0.00375EPSS
Exploits0References9
NVD
NVD
added 5 days ago5 views

CVE-2026-15598

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS0.00313EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago9 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS7AI score0.02719EPSS
Exploits0References4
CVE
CVE
added 5 days ago50 views

CVE-2026-13221

CVE-2026-13221 affects Perl versions through 5.43.9. When an alternation of more than 65,535 fixed-string branches is compiled into a trie in Perl_study_chunk, the 16‑bit delta between the first branch and the shared tail overflows. The trie’s match decision table is truncated with no warning, pr...

9.1CVSS6.1AI score0.00606EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder