Lucene search
K

2577 matches found

The Hacker News
The Hacker News
added 3 hours ago11 views

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth...

6.1AI score
Exploits0
Nuclei
Nuclei
added yesterday123 views

Langflow AI <= 1.6.9 - CORS Misconfiguration

Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that allows any origin to make credentialed requests. Combined with SameSite=None cookies, this enables cross-origin token theft and subsequent remote code execution via the /api/v1/validate/code endpoint. id:...

9.4CVSS7.5AI score0.7889EPSS
Exploits3References3
NVD
NVD
added 5 days ago6 views

CVE-2026-31985

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS0.00121EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42535

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS6AI score0.00121EPSS
Exploits0References1
CVE
CVE
added last week37 views

CVE-2026-46354

Summary: A PKCS#7 signature bypass in Coder (Coder v2 before patches) allows unauthenticated token theft via Azure instance identity. The issue stems from azureidentity.Validate() validating only the signer certificate chain, not the signature itself, enabling forged PKCS#7 envelopes containing a...

9.1CVSS6.1AI score0.0026EPSS
Exploits0References8Affected Software1
OSV
OSV
added last week5 views

CVE-2026-46354 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature...

9.1CVSS6.1AI score0.0026EPSS
Exploits0References10
NVD
NVD
added 2026/07/07 4:17 a.m.9 views

CVE-2026-34198

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS0.00139EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 3:1 a.m.10 views

CVE-2026-34198

CVE-2026-34198 concerns Coolify prior to 4.0.0-beta.471. The vulnerability stems from TrustProxies trusting all proxies and accepting X-Forwarded-Host from any source, combined with a circular dependency in TrustHosts that prevents host validation. As a result, when a password reset is requested,...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 3:1 a.m.5 views

EUVD-2026-41984

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:15 a.m.10 views

CVE-2026-13323

A flaw was found in Open VSX Registry. The /vscode/unpkg/ endpoint serves user-supplied HTML files with a Content-Type of text/html without Content-Security-Policy or Content-Disposition: attachment response headers. An attacker with a registered publisher account can upload a VSIX containing a...

8.7CVSS5.6AI score0.0019EPSS
Exploits1References5
NVD
NVD
added 2026/07/01 12:16 p.m.6 views

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

8.7CVSS0.0019EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.5 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 5:23 p.m.35 views

CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS0.00219EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:23 p.m.6 views

CVE-2026-47775

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 5:23 p.m.22 views

CVE-2026-47775

Envoy OAuth2 filter vulnerability (CVE-2026-47775): prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the encrypt()/decrypt() path uses AES-256-CBC without an authentication tag (no HMAC/AEAD), enabling a padding oracle via the /callback endpoint. An attacker with the encrypted CodeVerifier ...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5737 Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri in github.com/authorizerdev/authorizer

Authorizer: Password reset token theft and full auth token redirect via unvalidated redirecturi in github.com/authorizerdev/authorizer...

5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5196 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder

Coder: PKCS7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder...

9.1CVSS5.8AI score0.0026EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 5:16 p.m.7 views

CVE-2026-54030

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata RFC 9728 matches the configured MCP server URL, allowing a malicious MCP server to...

9.3CVSS0.00113EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:7 p.m.13 views

CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder