Lucene search
+L

2516 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Fortinet FortiDeceptor 参数注入漏洞

Fortinet FortiDeceptor is a network threat detection platform developed by the American company Fortinet. This platform primarily exploits deceptive techniques to uncover network threats. Versions of Fortinet FortiDeceptor, ranging from 6.0.0 to 6.0.2, 5.3.0 to 5.3.3, 5.2.0 to 5.2.1, all versions...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40108

Name of the Vulnerable Software and Affected Versions FortiMail versions 7.6.0 through 7.6.3 FortiMail versions 7.4.0 through 7.4.5 FortiMail versions 7.2.0 through 7.2.8 Description Improper neutralization of special elements used in an SQL command allows an authenticated privileged attacker to...

7.2CVSS6AI score0.00359EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40111

Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions 7.6.0 through 7.6.4 FortiAnalyzer versions 7.4.0 through 7.4.8 FortiAnalyzer version 7.2 FortiAnalyzer version 7.0 FortiAnalyzer version 6.4 FortiManager versions 7.6.0 through 7.6.4 FortiManager versions 7.4.0 through...

5.3CVSS5.8AI score0.00424EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-40115

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.1 FortiSandbox versions 4.4.0 through 4.4.8 FortiSandbox Cloud versions 5.0.2 through 5.0.5 FortiSandbox PaaS version 23.4 FortiSandbox PaaS version 23.3 FortiSandbox PaaS version 23.1 FortiSandbox PaaS...

10CVSS6AI score0.00733EPSS
Exploits0References25
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Fortinet FortiSandbox 安全漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, real-time control panels, and reporting capabilities. Security vulnerabilities...

9.8CVSS6.2AI score0.00733EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Fortinet FortiNDR SQL注入漏洞

Fortinet FortiNDR is a network detection and response solution provided by the American company Fortinet. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.9, all versions of 7.2, all versions of 7.1, and all versions of 7.0 of Fortinet FortiNDR contain an SQL injection vulnerability. This vulnerability stem...

8.8CVSS6AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Fortinet FortiMail SQL注入漏洞

Fortinet FortiMail is a suite of email security gateway products developed by the American company Fortinet. This product provides features such as email security protection and data protection. Versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.5, and 7.2.0 to 7.2.8 of Fortinet FortiMail contain SQL injectio...

7.2CVSS6.1AI score0.00359EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Zyxel WRE6505 操作系统命令注入漏洞

The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains a vulnerability related to operating system command injection. This vulnerability stems from CGI programs that allow command injection, potentially...

8.8CVSS5.9AI score0.01007EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Previous versions of OpenTelemetry .NET Contrib, such as 0.2.0-alpha.1, contained security vulnerabilities. These vulnerabilities stemmed from the use of an unbounded...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.11 views

Fortinet FortiAnalyzer DoS due to unsafe function in signal handler (FG-IR-26-137)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-137 advisory. - A use of potentially Dangerous Function vulnerability CWE-676 in FortiAnalyzer and FortiManager API may allow an...

5.3CVSS5.9AI score0.00424EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 4:11 p.m.10 views

GHSA-3JH5-RR2Q-XFV7 Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Summary The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...

7.6CVSS5.9AI score0.002EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/11 2:50 p.m.46 views

EUVD-2026-27867

Facebook React has a Denial of Service Vulnerability in React Server Components...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Geyser 代码问题漏洞

Geyser is a cross-platform game version bridging proxy tool developed by GeyserMC. Versions of Geyser prior to 2.9.3 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when processing texture data for players’ heads in Minecraft. This allowed attackers...

2.4CVSS6AI score0.00158EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/10 2:55 a.m.13 views

[SECURITY] Fedora 44 Update: python-requests-2.33.1-1.fc44

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python=E2=80=99s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...

5.5CVSS5.8AI score0.00182EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/08 11:8 p.m.6 views

CVE-2026-44313 LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery SSRF vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal...

9.1CVSS5.9AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 10:31 p.m.17 views

CVE-2026-42352

pygeoapi is vulnerable to SSRF via the OGC API - Process execution path in versions 0.23.0 up to 0.23.3. The issue arises from the subscriber object enabling requests to internal HTTP services. It has been patched in version 0.23.3. Affected releases include 0.23.0–0.23.2, with fixes in 0.23.3. M...

8.6CVSS5.9AI score0.00454EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 10:31 p.m.34 views

CVE-2026-42352 pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP services. This issue has been patched in version 0.23.3...

8.6CVSS0.00454EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.17 views

YARD 路径遍历漏洞

YARD is a Ruby documentation generation tool developed by Loren Segal. Versions of YARD prior to 0.9.42 contained a path traversal vulnerability. This vulnerability stemmed from the use of the yard server’s path traversal feature, which could allow uncleaned HTTP requests to access arbitrary file...

7.5CVSS5.9AI score0.00388EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/06 9:38 p.m.13 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict via the getMethod function. An attacker can perform unauthorized actions by sending crafted HTTP requests that override the intended HTTP method, potentially bypassing middleware restrictions and escalating...

8.7CVSS5.8AI score0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 4:24 p.m.86 views

CVE-2026-23870

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel,...

7.5CVSS0.01533EPSS
Exploits1References1
Rows per page
Query Builder