Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.25 views

PT-2026-38406

Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 11:16 p.m.7 views

axonflow-sdk-typescript: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.8AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.3 views

PT-2026-30322

Name of the Vulnerable Software and Affected Versions @hapi/content versions through 6.0.0 Description @hapi/content is susceptible to Regular Expression Denial of Service ReDoS through crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition header...

8.7CVSS5.3AI score0.00413EPSS
Exploits0References208
NVD
NVD
added 2026/02/26 12:16 a.m.10 views

CVE-2026-27812

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

9.3CVSS0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.2 views

PT-2024-7207 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based versions prior to 129.0.2792.52 Description: The issue is related to a use-after-free vulnerability in Microsoft Edge, which is based on Chromium. This vulnerability can be exploited by a remote attacker to execu...

6.1CVSS7.7AI score0.00518EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.6 views

PT-2024-3316 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS versions 8.10 through 10.5 Description: The issue is related to a buffer overflow vulnerability in the Utility daemon, which could lead to unauthenticated remote code execution by sending specially crafted packets to the PAPI UDP port...

9.8CVSS9.1AI score0.43998EPSS
Exploits0References17
Cvelist
Cvelist
added 2020/11/11 3:45 p.m.31 views

CVE-2020-15275 malicious SVG attachment causing stored XSS vulnerability in MoinMoin

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

8.7CVSS9.1AI score0.01725EPSS
Exploits1References4
Rows per page
Query Builder