Lucene search
K

605 matches found

Nuclei
Nuclei
added 7 hours ago12 views

BMC FootPrints 'searchWeb' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling acces...

8.8CVSS6.2AI score0.3436EPSS
Exploits2References2
Nuclei
Nuclei
added 7 hours ago9 views

mcp-atlassian < 0.17.0 - Server-Side Request Forgery

MCP Atlassian 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint. id: CVE-2026-27826 info...

9CVSS6.2AI score0.13589EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
CVE
CVE
added last week7 views

CVE-2026-12473

OHIF Viewers are affected: two default-configured data sources, DICOMWebProxy and DICOMJSON, fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the user's OIDC Bearer token into those requests and transmits it to an attacker-controll...

8.3CVSS6AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:30 a.m.9 views

EUVD-2026-38379

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when...

6.1CVSS6.1AI score0.00234EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/22 3:40 p.m.4 views

CVE-2026-46417 Angular: SSRF via Hostname Hijacking in @angular/platform-server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...

8.8CVSS5.8AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Firefox

Search queries in the default search engine might appear to be the currently navigated URL, provided that the search query itself is a properly formed URL. This could lead to a site spoofing another site, if it was maliciously set as the default search engine. This vulnerability affects Firefox...

3.1CVSS6.1AI score0.00382EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Relative URLs that start with three slashes were incorrectly parsed. The “path-traversal” /../ part in the path could be used to override the specified host. This could lead to security issues in websites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

6.5CVSS6.7AI score0.01406EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A maliciously installed WebExtension could open arbitrary URLs, which under the right circumstances could be exploited to collect sensitive user data. This vulnerability affects Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1...

4.3CVSS6.6AI score0.00906EPSS
Exploits0References2
Circl
Circl
added 2026/06/18 10:1 a.m.8 views

CVE-2026-8024

creationtimestamp| type| source ---|---|--- 2026-06-18 10:01:16+00:00| seen| https://infosec.exchange/users/certvde/statuses/116770529327887486 2026-06-18 10:01:32+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mokl2y64ikr2 2026-06-18 12:19:34+00:00| seen|...

9.8CVSS5.8AI score0.00553EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:30 p.m.9 views

Malicious code in pretie_x2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc0da1230156c752bfa8b3456568e30a9eeb73c4100bff87777ae57d9f562e75 Package name pretiex2 and its description 'Opinionated code formatter for modern JavaScript and TypeScript.' with keywords including prettier...

5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-51506

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description A stored cross-site scripting issue exists in the monitor dashboard. The application renders crawl URLs and error messages using innerHTML without proper escaping. This allows an attacker to submit ...

9.3CVSS5.6AI score0.00195EPSS
Exploits0References17
NVD
NVD
added 2026/06/15 4:16 p.m.8 views

CVE-2026-8683

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 2:6 p.m.9 views

EUVD-2026-36732

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS5.2AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36628

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 9:57 p.m.27 views

CVE-2026-53867 Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS0.00183EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 6:16 p.m.11 views

CVE-2026-46698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wpajaxnoprivftfgetsiteinfo includes/SiteInfo.php that verified a nonce ftf-fediverse-embeds-nonce and then called filegethtml$siteurl on the...

5.3CVSS0.00229EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.12 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.7AI score0.00728EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48410

Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.1 Description On Windows, improper escaping of cmd.exe metacharacters in URL annotation handling allows for command injection. This occurs when malicious URLs are embedded in program comments; if a user clicks these...

8.4CVSS5.7AI score0.00503EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/09 3:51 a.m.13 views

EUVD-2026-35343

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

4.2CVSS5.5AI score0.00123EPSS
Exploits0References1
Rows per page
Query Builder