Lucene search
+L

5045 matches found

Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-12283 SQL injection in Amazon Athena Synapse connector

Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL...

6.8CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday6 views

plone.restapi: Stored XSS by spoofing mime type

Impact A stored XSS affecting RichText fields. RichTextValue.output returns the raw, unsanitized stored value whenever the stored mimeType equals the outputMimeType. Because the safe-HTML output type text/x-html-safe is the type that signifies "already sanitized", any value whose stored mimeType...

5.5AI score
Exploits0References3Affected Software1
CVE
CVE
added yesterday9 views

CVE-2026-16015

The CVE-2026-16015 affects poco-ai poco-claw up to version 0.5.4, impacting the executor_manager API: specifically the create_task function in executor_manager/app/api/v1/tasks.py. The vulnerability allows manipulation that leads to missing authentication, with public exploits reported. A fix is ...

6.3CVSS5.9AI score
Exploits0References13
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-16008

A security vulnerability has been detected in sagold json-schema-library 11.5.0/11.5.1. This impacts the function parsePropertyDependencies of the file src/keywords/propertyDependencies.ts. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can...

6.5CVSS5AI score
Exploits0References9Affected Software1
Nuclei
Nuclei
added yesterday60 views

XWiki Platform - Information Disclosure

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. id: CVE-2025-55747 info: name: XWiki Platform - Information Disclosure author: Redmomn...

9.3CVSS8.3AI score0.01557EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday17 views

Dgraph <= 25.3.2 - Admin Token Disclosure

Dgraph = 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint , which publishes the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit...

9.8CVSS5.3AI score0.02187EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-59083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This...

9.1CVSS5.4AI score0.00376EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

GHSA-74J5-XF3V-CRQ8 dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 3 days ago11 views

dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago12 views

websocket-driver: Message corruption via abuse of protocol length headers

Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a client can make the server pars...

9.2CVSS6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago9 views

websocket-driver: Memory exhaustion in HTTP header parser

Impact If this library is used to implement a WebSocket server on top of a TCP server rather than an HTTP server or framework using the WebSocket::Driver.server method, or, if it is used to complement a WebSocket client, then a peer can make a single connection consume an unbounded amount of memo...

6.3CVSS6AI score
Exploits0References5Affected Software1
OSV
OSV
added 3 days ago5 views

GHSA-8J3G-F24P-4MPW websocket-driver: Memory exhaustion in HTTP header parser

Impact If this library is used to implement a WebSocket server on top of a TCP server rather than an HTTP server or framework using the WebSocket::Driver.server method, or, if it is used to complement a WebSocket client, then a peer can make a single connection consume an unbounded amount of memo...

6.3CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-47737

A flaw was found in Puma, a Ruby/Rack web server. When setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used, Puma incorrectly re-parses PROXY protocol headers after each keep-alive request on the same connection. This allows a remote attacker to inject a second PROXY...

7.5CVSS6.1AI score0.00177EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60381

Name of the Vulnerable Software and Affected Versions websocket-driver versions prior to 0.7.5 Description The frame format in draft versions of the WebSocket protocol contains a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. A...

9.2CVSS5.2AI score
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-15643

AWS HealthLake MCP Server awslabs.healthlake-mcp-server is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores. A server-side request forgery in the pagination handling component in AWS awslabs.healthlake-mcp-server before 0.0.14 on all...

9.2CVSS0.0022EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-15702 tamagui config.ts updateConfig prototype pollution

A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to...

5.3CVSS6.3AI score0.00337EPSS
Exploits0References10
CVE
CVE
added 4 days ago11 views

CVE-2026-12707

CVE-2026-12707 affects Cloudflare quiche. After QUIC handshakes, an attacker can trigger unbounded queuing of PathEvent::ReusedSourceConnectionId during rapid source address migration, causing memory resource exhaustion. Affected component is quiche’s PathEvents collection (path_event_next() drai...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

SUSE-SU-2026:2976-1 Security update for afterburn

This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...

9.3CVSS6.2AI score0.00559EPSS
Exploits1References19
CVE
CVE
added 5 days ago21 views

CVE-2026-58065

The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago6 views

Important: Red Hat Security Advisory: go-toolset:rhel8 security, bug fix, and enhancement update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS6.2AI score0.00939EPSS
Exploits0References5
Rows per page
Query Builder