2516 matches found
CVE-2025-66286
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...
CVE-2026-4917
Technical details about CVE-2026-4917 are not publicly available in the provided documents. Monitor for updates as information is released.
PowerDNS Recursor(pdns_recursor) 安全漏洞
PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. There is a security vulnerability in PowerDNS Recursor pdnsrecursor, which stems from the ability of attackers to send web requests, leading to unlimited memory allocation on internal web...
PowerDNS DNSdist和PowerDNS Authoritative 安全漏洞
PowerDNS DNSdist and PowerDNS Authoritative are both products of the PowerDNS company. PowerDNS DNSdist is a proxy software that provides DNS traffic load balancing and security protection capabilities. PowerDNS Authoritative is a DNS server software. Both PowerDNS DNSdist and PowerDNS...
PowerDNS DNSdist和PowerDNS Authoritative 安全漏洞
PowerDNS DNSdist and PowerDNS Authoritative are both products of the PowerDNS company. PowerDNS DNSdist is a proxy software that provides DNS traffic load balancing and security protection capabilities. PowerDNS Authoritative is a DNS server software. Both PowerDNS DNSdist and PowerDNS...
HTTP Chunked Encoding Behavior Analyzer
This script is a security analysis tool designed to test how a web server such as Kestrel-based applications handles HTTP requests using chunked transfer encoding...
CVE-2026-41135
free5GC UDR is the Policy Control Function PCF for free5GC, an an open-source project for 5th generation 5G mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory...
Oracle Financial Services Analytical Applications Infrastructure 安全漏洞
Oracle Financial Services Analytical Applications Infrastructure is a financial data analysis and modeling platform developed by Oracle Corporation. Versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 of Oracle Financial Services Analytical Applications Infrastructure contain security vulnerabilities. These...
Oracle PeopleSoft Enterprise FIN Project Costing 安全漏洞
Oracle PeopleSoft Enterprise FIN Project Costing is a project cost management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise FIN Project Costing contains a security vulnerability. This vulnerability stems from issues with the Projects component, which may allo...
Oracle PeopleSoft Enterprise SCM Purchasing 安全漏洞
Oracle PeopleSoft Enterprise SCM Purchasing is a procurement management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise SCM Purchasing contains a security vulnerability. This vulnerability stems from issues with the Purchasing component, which may allow attacke...
GHSA-XMXX-7P24-H892 OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...
GHSA-45Q2-GJVG-7973 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...
SUSE-SU-2026:21206-1 Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. - CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429...
EUVD-2026-22964
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
CVE-2026-20147
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2026-20152
Cisco Secure Web Appliance (AsyncOS) authentication service is affected by CVE-2026-20152. The issue stems from improper validation of user-supplied authentication input in HTTP requests, allowing an unauthenticated, remote attacker to bypass authentication policy requirements. According to the p...
CVE-2026-20152
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...
CVE-2026-20152 Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...
CVE-2026-20078 Cisco Unity Connection Arbitrary File Download Vulnerability
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...