Lucene search
+L

630 matches found

Snyk
Snyk
added 2026/06/18 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
Circl
Circl
added 2026/06/18 10:1 a.m.11 views

CVE-2026-8024

creationtimestamp| type| source ---|---|--- 2026-06-18 10:01:16+00:00| seen| https://infosec.exchange/users/certvde/statuses/116770529327887486 2026-06-18 10:01:32+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mokl2y64ikr2 2026-06-18 12:19:34+00:00| seen|...

9.8CVSS5.8AI score0.00553EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:30 p.m.14 views

Malicious code in pretie_x2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc0da1230156c752bfa8b3456568e30a9eeb73c4100bff87777ae57d9f562e75 Package name pretiex2 and its description 'Opinionated code formatter for modern JavaScript and TypeScript.' with keywords including prettier...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/06/16 6:5 p.m.4 views

CVE-2026-53859 OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block throu...

6CVSS6AI score0.0021EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-51506

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description A stored cross-site scripting issue exists in the monitor dashboard. The application renders crawl URLs and error messages using innerHTML without proper escaping. This allows an attacker to submit ...

8.8CVSS5.6AI score0.00195EPSS
Exploits0References30
NVD
NVD
added 2026/06/15 4:16 p.m.11 views

CVE-2026-8683

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 2:6 p.m.12 views

EUVD-2026-36732

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS5.2AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 2:6 p.m.4 views

CVE-2026-8683 Overly long URLs crash the Mattermost Desktop App

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS6AI score0.00199EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36628

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 9:57 p.m.34 views

CVE-2026-53867 Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS0.00183EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 6:16 p.m.13 views

CVE-2026-46698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wpajaxnoprivftfgetsiteinfo includes/SiteInfo.php that verified a nonce ftf-fediverse-embeds-nonce and then called filegethtml$siteurl on the...

5.3CVSS0.00229EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.15 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.7AI score0.00728EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48410

Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.1 Description On Windows, improper escaping of cmd.exe metacharacters in URL annotation handling allows for command injection. This occurs when malicious URLs are embedded in program comments; if a user clicks these...

8.4CVSS5.7AI score0.00503EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/09 3:51 a.m.14 views

EUVD-2026-35343

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

4.2CVSS5.5AI score0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-47665

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Description Incorrect host parsing in the UriComponentsBuilder component may allow applications that use it to parse and validate externally provided...

6.5CVSS5.7AI score0.00123EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

WordPress plugin FastPicker 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-3471

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5CVSS5.5AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40621

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...

9.8CVSS7.7AI score0.00491EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/05 3:16 a.m.17 views

SUSE CVE-2026-10805

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...

6.7CVSS5.7AI score0.00118EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

SAMSUNG Members 安全漏洞

Samsung Members is a community platform app developed by South Korea’s Samsung Corporation. Versions of Samsung Members prior to 5.8.01.5 contained security vulnerabilities. These vulnerabilities were due to improper input validation, which could allow local attackers to use Samsung Members...

7.1CVSS5.5AI score0.00105EPSS
Exploits0References1
Rows per page
Query Builder