Lucene search
K

596 matches found

EUVD
EUVD
added 19 hours ago8 views

EUVD-2026-43267

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS6.4AI score
Exploits0References8
SUSE CVE
SUSE CVE
added 6 days ago9 views

SUSE CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS5.9AI score0.00358EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 8:31 p.m.12 views

EUVD-2026-37811

Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 8:30 p.m.11 views

EUVD-2026-37806

Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Axis Communications AXIS OS Path Traversal (CVE-2024-0067)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for this flaw. This plugin only works with...

4.3CVSS5.9AI score0.0038EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47261)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. Axis has released patched AXIS OS...

4.3CVSS5.9AI score0.00347EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/29 1:22 p.m.7 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/26 8:51 p.m.12 views

semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin

Impact semantic-router versions 0.1.8 through 0.1.14 declare litellm=1.61.3 with no upper bound. During the window in which litellm==1.82.8 was the latest release on PyPI, a fresh install of any affected semantic-router version could resolve to that compromised wheel. The malicious litellm==1.82....

9.8CVSS6.2AI score0.86607EPSS
Exploits7References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/24 8:21 p.m.6 views

CVE-2023-54365

A flaw was found in Traefik's HTTP/2 request handling. A remote attacker can exploit this vulnerability by rapidly creating and canceling HTTP/2 streams. This can exhaust server resources, leading to a denial of service DoS and making the service unavailable to legitimate users. This issue is...

8.7CVSS5.9AI score0.00566EPSS
Exploits0References5
CVE
CVE
added 2026/06/19 8:23 p.m.61 views

CVE-2026-48794

CVE-2026-48794 affects Authelia (versions 4.36.0–4.39.19). A domain canonicalization edge case can cause an access control rule to be skipped when it should match a request, under very specific conditions involving forwarded authorization, multi-segment subdomains (e.g., a.b.example.com vs exampl...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 2:34 p.m.12 views

EUVD-2026-37758

undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching...

3.7CVSS5.8AI score0.00248EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 2:20 p.m.11 views

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

8.8CVSS6.4AI score0.00358EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/18 2:28 p.m.8 views

GHSA-PR7R-676H-XCF6 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 9:46 p.m.29 views

CVE-2026-50201

CVE-2026-50201: Steeltoe's sensitive actuators (heapdump, environment, thread dump) default to EndpointPermissions.Restricted in Steeltoe.Management.Endpoint (pre-4.2.0) and Steeltoe.Management.EndpointCore (pre-3.4.0), mapping to CF read_basic_data. Sensitive endpoints are not upgraded to Endpoi...

6.5CVSS5.2AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 6:18 p.m.18 views

CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS0.00476EPSS
Exploits0References14
OSV
OSV
added 2026/06/17 5:31 p.m.1 views

CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS7.2AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 4:36 p.m.29 views

CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

7.5CVSS0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50565

Name of the Vulnerable Software and Affected Versions Steeltoe.Management.Endpoint versions prior to 4.2.0 Steeltoe.Management.EndpointCore versions prior to 3.4.0 Description Steeltoe actuator endpoints default to EndpointPermissions.Restricted, which maps to Cloud Foundry's read basic data...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50515

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The cache interceptor incorrectly classifies certain responses as cacheable when the upstream Cache-Control header contains whitespace-padded qualified private or...

5.9CVSS7AI score0.00374EPSS
Exploits0References96
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50176

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can provide crafted parameters to the TimescaleDB and legacy Postgres v1 nodes. This allows arbitrary SQ...

9.9CVSS6.2AI score0.00394EPSS
Exploits0References6
Rows per page
Query Builder