Lucene search
K

31918 matches found

CVE
CVE
added 7 hours ago10 views

CVE-2026-9561

CVE-2026-9561 affects Eclipse Kura before 5.6.2. The Web Console (org.eclipse.kura.web2) and REST API (org.eclipse.kura.rest.provider) trust the client-controlled X-Forwarded-For header as the primary source for client IP in audit contexts, and Jetty’s ForwardedRequestCustomizer is installed on a...

8.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago9 views

CVE-2026-9561

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS
Exploits0References1
Nuclei
Nuclei
added 7 hours ago12 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.7AI score0.03816EPSS
Exploits0References3
Nuclei
Nuclei
added 7 hours ago54 views

EspoCRM <= 9.3.3 - Server-Side Request Forgery

EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...

4.3CVSS6.1AI score0.01978EPSS
Exploits5References2
Nuclei
Nuclei
added 7 hours ago37 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago32 views

ChurchCRM - API Authentication Bypass via URL Injection

ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...

9.1CVSS6.1AI score0.01351EPSS
Exploits0References1
Nuclei
Nuclei
added 7 hours ago86 views

Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...

5.3CVSS6.9AI score0.00844EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago13 views

SquirrelMail Address Add 1.4.2 - Cross-Site Scripting

SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, thus allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

4.3CVSS6.3AI score0.03436EPSS
Exploits2References2
Nuclei
Nuclei
added 7 hours ago84 views

Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections. id: CVE-2022-0783 info: name: Multiple...

9.8CVSS7.1AI score0.07866EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 9 hours ago9 views

kernel: Linux kernel: netfilter: ebtables SNAT target writes to shared memory pages during ARP hardware address rewrite

A flaw was found in the Linux kernel's netfilter bridge ebtables SNAT Source Network Address Translation module. This vulnerability allows a local attacker on a system configured with specific bridge netfilter rules to improperly modify underlying memory pages during an ARP Address Resolution...

8.8CVSS6.1AI score0.00129EPSS
Exploits0References5
EUVD
EUVD
added 12 hours ago5 views

EUVD-2026-43616

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...

5.3CVSS5.9AI score
Exploits0References7
EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-43563

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added 14 hours ago6 views

EUVD-2026-43588

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-62192

creationtimestamp| type| source ---|---|--- 2026-07-13 22:42:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkrbdxlxy2t...

8.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-62184

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-62184

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score
Exploits0References4
CVE
CVE
added yesterday5 views

CVE-2026-62184

CVE-2026-62184 affects the OpenWrt luci-app-banip component. The issue is a log-parsing vulnerability in an awk-based parser that always extracts the first IPv4 address from a log line, regardless of its actual field position. An unauthenticated remote attacker can inject an IP address via attack...

8.7CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday17 views

CVE-2026-62184 luci-app-banip Log Monitor IP Extraction Bypass

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS
Exploits0References3
OSV
OSV
added yesterday12 views

ROOT-APP-NPM-CVE-2026-42338 CVE-2026-42338 in @rootio/ip-address - Patched by Root

Root has patched CVE-2026-42338 in the @rootio/ip-address package for Root:npm. Multiple fixed versions available...

6.1CVSS5.8AI score0.00471EPSS
Exploits1
NVD
NVD
added yesterday4 views

CVE-2026-14846

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS0.0033EPSS
Exploits0References1
Rows per page
Query Builder