Lucene search
K

13369 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 4:59 a.m.6 views

kernel: netfilter: flowtable: strictly check for maximum number of actions

A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...

7.8CVSS5.9AI score0.00141EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/06 3:0 a.m.34 views

CVE-2026-14792 Formbricks Survey actions.ts access control

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS0.00366EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 3:0 a.m.3 views

CVE-2026-14792 Formbricks Survey actions.ts access control

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS6.1AI score0.00366EPSS
Exploits0References10
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.11 views

CVE-2026-58426

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS0.00177EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:54 p.m.4 views

CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 5:0 p.m.43 views

CVE-2026-14620 webpack-dev-server vulnerable to cross-site request forgery via internal developer endpoints

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS0.00116EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 5:0 p.m.34 views

CVE-2026-14620

webpack-dev-server prior to 5.2.6 exposes two internal endpoints (/webpack-dev-server/open-editor and /webpack-dev-server/invalidate) that perform state-changing actions on any GET request without origin verification. This enables cross-origin interactions when a user visits any website while the...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/03 6:40 a.m.14 views

CVE-2026-59102

A flaw was found in Forgejo. This stored cross-site scripting XSS vulnerability allows an authenticated attacker to execute malicious code in other users' web browsers. The flaw occurs when a user's full name, containing specially crafted HTML, is used in an Actions run description without proper...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55658

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An HMAC ambiguity in Gitea Actions Artifacts V4 signed URLs allows for cross-repository artifact reading and cross-task upload-state writing. HMAC Hash-based Message Authentication Code is a...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/07/02 7:44 p.m.35 views

CVE-2026-59102 Forgejo < 15.0.3 - Stored XSS via Actions Run Full Name Rendering

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS0.00199EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 7:44 p.m.16 views

CVE-2026-59102

CVE-2026-59102 affects Forgejo prior to 15.0.3, with a stored XSS in the Actions run page when DEFAULT_SHOW_FULL_NAME is enabled. The description shows that an authenticated attacker can inject an HTML payload into the full name, which is interpolated into an HTML string via a translation functio...

5.4CVSS6AI score0.00199EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:44 p.m.8 views

CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6AI score0.00199EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 7:44 p.m.9 views

EUVD-2026-41433

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6AI score0.00199EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 2:49 p.m.30 views

CVE-2026-55110

Summary: CVE-2026-55110 describes a CORS misconfiguration in UniFi OS that could allow a malicious page to trigger actions in UniFi OS using an authenticated user’s session after the user visits a malicious page. Affected software/component: UniFi OS (CORS configuration issue). Root cause: CORS m...

7.5CVSS5.7AI score0.00141EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.8 views

next.js: Next.js: Denial of Service via crafted POST requests to server actions

A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...

7.5CVSS6AI score0.00546EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-55302

Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 15.0.3 Description Authenticated attackers can execute arbitrary JavaScript in the browsers of other users. This occurs when the DEFAULT SHOW FULL NAME option is enabled and an attacker sets a full name containing an...

5.4CVSS6.3AI score0.00199EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/01 4:2 p.m.8 views

EUVD-2026-41053

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:2 p.m.32 views

CVE-2026-34097 Guardian Language-System XSS via id Parameter in text_file.php

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:2 p.m.21 views

CVE-2026-34097

CVE-2026-34097 concerns Guardian Language-System. The vulnerability arises because text_file.php fails to sanitize the GET parameter id before it is inserted into multiple HTML form action attributes (lines 94, 101, 323, 403, 826, 852). This allows an authenticated attacker to craft a URL that in...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
Rows per page
Query Builder