Lucene search
+L

2516 matches found

RedhatCVE
RedhatCVE
added 2026/04/23 12:33 p.m.6 views

CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS5.8AI score0.00233EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 11:27 p.m.19 views

CVE-2026-4917

Technical details about CVE-2026-4917 are not publicly available in the provided documents. Monitor for updates as information is released.

4.9CVSS5.9AI score0.00356EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

PowerDNS Recursor(pdns_recursor) 安全漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. There is a security vulnerability in PowerDNS Recursor pdnsrecursor, which stems from the ability of attackers to send web requests, leading to unlimited memory allocation on internal web...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

PowerDNS DNSdist和PowerDNS Authoritative 安全漏洞

PowerDNS DNSdist and PowerDNS Authoritative are both products of the PowerDNS company. PowerDNS DNSdist is a proxy software that provides DNS traffic load balancing and security protection capabilities. PowerDNS Authoritative is a DNS server software. Both PowerDNS DNSdist and PowerDNS...

7.5CVSS5.8AI score0.00524EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

PowerDNS DNSdist和PowerDNS Authoritative 安全漏洞

PowerDNS DNSdist and PowerDNS Authoritative are both products of the PowerDNS company. PowerDNS DNSdist is a proxy software that provides DNS traffic load balancing and security protection capabilities. PowerDNS Authoritative is a DNS server software. Both PowerDNS DNSdist and PowerDNS...

7.5CVSS5.8AI score0.00514EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.8 views

HTTP Chunked Encoding Behavior Analyzer

This script is a security analysis tool designed to test how a web server such as Kestrel-based applications handles HTTP requests using chunked transfer encoding...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:49 p.m.6 views

CVE-2026-41135

free5GC UDR is the Policy Control Function PCF for free5GC, an an open-source project for 5th generation 5G mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory...

7.5CVSS5.7AI score0.00515EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Oracle Financial Services Analytical Applications Infrastructure 安全漏洞

Oracle Financial Services Analytical Applications Infrastructure is a financial data analysis and modeling platform developed by Oracle Corporation. Versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 of Oracle Financial Services Analytical Applications Infrastructure contain security vulnerabilities. These...

4.8CVSS7.2AI score0.00196EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Oracle PeopleSoft Enterprise FIN Project Costing 安全漏洞

Oracle PeopleSoft Enterprise FIN Project Costing is a project cost management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise FIN Project Costing contains a security vulnerability. This vulnerability stems from issues with the Projects component, which may allo...

6.5CVSS7.2AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Oracle PeopleSoft Enterprise SCM Purchasing 安全漏洞

Oracle PeopleSoft Enterprise SCM Purchasing is a procurement management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise SCM Purchasing contains a security vulnerability. This vulnerability stems from issues with the Purchasing component, which may allow attacke...

6.5CVSS7.2AI score0.00261EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 10:32 p.m.8 views

GHSA-XMXX-7P24-H892 OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...

9.2CVSS5.7AI score0.0054EPSS
Exploits1References6
OSV
OSV
added 2026/04/16 10:36 p.m.6 views

GHSA-45Q2-GJVG-7973 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References5
OSV
OSV
added 2026/04/16 12:54 p.m.4 views

SUSE-SU-2026:21206-1 Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. - CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429...

8.1CVSS5.8AI score0.05322EPSS
Exploits2References5
EUVD
EUVD
added 2026/04/15 6:31 p.m.7 views

EUVD-2026-22964

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/15 5:31 p.m.3 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

7.5CVSS7.2AI score0.66535EPSS
Exploits4References6
NVD
NVD
added 2026/04/15 5:17 p.m.6 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS0.11679EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 4:3 p.m.73 views

CVE-2026-20152

Cisco Secure Web Appliance (AsyncOS) authentication service is affected by CVE-2026-20152. The issue stems from improper validation of user-supplied authentication input in HTTP requests, allowing an unauthenticated, remote attacker to bypass authentication policy requirements. According to the p...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 4:3 p.m.4 views

CVE-2026-20152

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/15 4:3 p.m.30 views

CVE-2026-20152 Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

5.3CVSS0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 4:3 p.m.4 views

CVE-2026-20078 Cisco Unity Connection Arbitrary File Download Vulnerability

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

6.5CVSS6AI score0.00388EPSS
Exploits0References1
Rows per page
Query Builder