Lucene search
K

2508 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-44716

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added yesterday81 views

DATAGERRY - REST API Auth Bypass

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. id: CVE-2024-46627 info: name: DATAGERRY - REST API Auth Bypass author: gy741 severity: critical description: | Incorrect access control in BECN DATAGERRY v2.2 allows attackers...

9.1CVSS6.3AI score0.04099EPSS
Exploits0References5
CVE
CVE
added 2 days ago22 views

CVE-2026-47767

CVE-2026-47767 consolidates multiple disclosures of CVE-2024-50340: the vulnerability stems from a mismatch between parse_str()-built $_GET and web SAPI argv parsing when register_argc_argv=On, allowing crafted GET requests to flip APP_ENV/APP_DEBUG via SymfonyRuntime::getInput. Affected implemen...

9.8CVSS6.1AI score0.00328EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2 days ago6 views

CVE-2026-58478

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-58075

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.4.0 through 7.4.1 FortiOS versions 7.2.x FortiPAM versions 1.0 through 1.8.2 FortiProxy versions 7.4.0 through 7.4.13 FortiProxy versions 7.2.x Description A stack-based buffer overflow occurs when a privileged authenticated...

6.6CVSS6.5AI score0.00603EPSS
Exploits0References3
OSV
OSV
added 6 days ago5 views

CVE-2026-55671 ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...

2.3CVSS6.1AI score0.00252EPSS
Exploits0References5
CVE
CVE
added last week11 views

CVE-2026-58123

Technical details (affected version 0.51.788, exploit steps, impact) are not publicly available in the provided documents. Monitor for updates.

9.8CVSS6.8AI score0.00928EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added last week6 views

CVE-2025-3110

A flaw in OpenVPN Access Server allows remote attackers to smuggle HTTP requests when the server operates behind a reverse proxy. The issue stems from the server accepting unstandardized bare line-feed sequences in HTTP headers. Mitigation To mitigate this issue, ensure that any reverse proxy...

7.5CVSS6AI score0.00259EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/08 6:28 p.m.3 views

micrometer-core: micrometer-jetty11: micrometer-jetty12: Micrometer: Denial of Service via specially crafted HTTP requests

A flaw was found in Micrometer. A remote attacker can provide specially crafted HTTP requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system...

7.5CVSS5.9AI score0.00623EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 8:9 a.m.12 views

CVE-2026-48206

Apache Camel JIRA: A vulnerability allows an unauthenticated HTTP client to bypass input validation by supplying non-Camel header names (IssueKey, ProjectKey, IssueTransitionId, etc.) that flow into jira: producers. This lets the attacker potentially drive JIRA operations (delete/transition issue...

5.3CVSS6.1AI score0.00349EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS6AI score0.00444EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.8 views

react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

7.5CVSS7.3AI score0.02499EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2025-36319

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling...

4.3CVSS0.00431EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53959

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.6 Description An authenticated attacker can perform a Server-Side Request Forgery SSRF, which occurs when a server is tricked into making requests to an unintended location. The issue exists because...

8.2CVSS6AI score0.00199EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:37 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Micrometer vulnerability that could allow Denial of Service (Dos) attacks

Summary IBM Terracotta uses Micrometer, a popular Java library used in Spring applications, for application monitoring within the product. Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a...

7.5CVSS5.8AI score0.00623EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 6:9 p.m.5 views

CVE-2026-53945

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...

4CVSS5.9AI score0.0014EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2026/06/22 4:29 p.m.20 views

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...

6.2AI score
Exploits0
NVD
NVD
added 2026/06/19 12:16 a.m.12 views

CVE-2026-40624

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request...

9.8CVSS0.00616EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:54 p.m.74 views

CVE-2026-40624

CVE-2026-40624 affects AVer PTC cameras: PTC500S, PTC115, PTC500+, and PTC115+. The advisory states that improper input validation in these devices may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request. The CVSS metrics indicate a CRI...

9.8CVSS5.8AI score0.00616EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:54 p.m.8 views

CVE-2026-40624

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request...

9.8CVSS5.8AI score0.00616EPSS
Exploits0References3
Rows per page
Query Builder