Lucene search
K

12709 matches found

Cvelist
Cvelist
added 2026/06/03 2:41 p.m.39 views

CVE-2022-31114 backpack/crud Vulnerable to Cross-site Scripting

backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...

5.1CVSS0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 2:41 p.m.7 views

CVE-2022-31114

backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...

5.1CVSS5.4AI score0.00303EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/03 8:24 a.m.10 views

Improper Output Neutralization for Logs

Overview org.webjars.npm:morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...

6.9CVSS5.5AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-46017

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description AppArmor fails to properly handle unaligned DFA tables, which can originate from either the kernel or userspace. Because 8-byte alignment is not guaranteed, this can trigger unaligned...

5.5CVSS5.2AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45950

Name of the Vulnerable Software and Affected Versions backpack/crud versions prior to 5.0.13 backpack/crud versions prior to 4.1.69 backpack/crud versions prior to 4.0.63 Description Reflected Cross-Site Scripting XSS occurs because error views output the exception message without escaping it. An...

5.1CVSS5.8AI score0.00303EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46097

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46099

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References5
Veeam
Veeam
added 2026/06/03 12:0 a.m.70 views

Email item data export from EWS failed

Challenge Exchange Online backup jobs in Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 may fail to process mailboxes, returning one of the following errors: Processing mailbox failed with error: Email item data export from EWS failed item IDs: .... The operation has timed...

5.7AI score
Exploits0
CVE
CVE
added 2026/06/02 6:35 p.m.21 views

CVE-2026-35049

The CVE-2026-35049 entry affects the wire-ios iOS client. Before version 4.16.0, processing a crafted Proteus external message with an encrypted payload under 16 bytes causes an automatic crash after receipt. The malicious message remains in the conversation and causes a crash loop on relaunch, p...

6.5CVSS5.7AI score0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:32 p.m.9 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/02 6:32 p.m.10 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.3AI score0.0015EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/02 6:29 p.m.11 views

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

7.3CVSS6.1AI score0.00128EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45836

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Cookies set using the cookies parameter on requests are sent after following a cross-origin redirect. This behavior can lead to the leakage of sensitive data to an attacker if they can control the...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References42
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-44825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attack...

9.8CVSS7.8AI score0.00529EPSS
Exploits1References2
NVD
NVD
added 2026/06/01 9:16 a.m.13 views

CVE-2026-44825

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

9.8CVSS0.00529EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/01 8:34 a.m.12 views

Multiple vulnerabilities in ServerView Agents for Windows

Overview ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software. ServerView Agents for Windows contains multiple vulnerabilities listed below. Incorrect permission assignment for critical resource CWE-732 - CVE-2026-27788 Privilege chaining CWE-268 -...

8.5CVSS7.2AI score0.00097EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:2 a.m.9 views

CVE-2026-44825

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

8.1CVSS5.8AI score0.00529EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/01 8:2 a.m.45 views

CVE-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

8.1CVSS0.00529EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 6:24 p.m.10 views

GHSA-49PM-43HF-6XFQ IPAM controller service account granted unnecessary full access to Secrets

Impact IPAM is the IP address Manager for Cluster API Provider Metal3. The IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were...

4.4CVSS5.8AI score0.00333EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/29 6:24 p.m.20 views

IPAM controller service account granted unnecessary full access to Secrets

Impact IPAM is the IP address Manager for Cluster API Provider Metal3. The IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were...

4.4CVSS5.8AI score0.00333EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder