Lucene search
+L

723 matches found

euvd
euvd
added yesterday5 views

EUVD-2026-44917

HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include...

2.6CVSS6.2AI score
Exploits0References1
nuclei
nuclei
added yesterday41 views

WordPress Plugin Age Verification v0.4 - Open Redirect

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectto parameter. id: CVE-2012-6499 info: name: WordPress Plugin Age...

5.8CVSS6.2AI score0.10557EPSS
Exploits1References3
nvd
nvd
added 3 days ago5 views

CVE-2026-50663

Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network...

8.8CVSS0.0065EPSS
Exploits0References1
cve
cve
added 3 days ago27 views

CVE-2026-50663

CVE-2026-50663 affects Age of Empires II: Definitive Edition. The vulnerability is a relative path traversal in the game that could allow an unauthorized attacker to execute code over the network. The current documents specify the impact as remote code execution with high severity (CVSS 3.1: AV:N...

8.8CVSS6.2AI score0.0065EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago22 views

CVE-2026-50663 Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability

...

8.8CVSS0.0065EPSS
Exploits0References1
mscve
mscve
added 3 days ago8 views

Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability

Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network...

8.8CVSS6.2AI score0.0065EPSS
Exploits0
ptsecurity
ptsecurity
added 3 days ago4 views

PT-2026-58211

Name of the Vulnerable Software and Affected Versions Age of Empires II: Definitive Edition affected versions not specified Description A relative path traversal issue allows an unauthorized attacker to achieve remote code execution over a network. The attack occurs when a user joins an...

8.8CVSS6.5AI score0.0065EPSS
Exploits0References6
nvd
nvd
added last week7 views

CVE-2026-56664

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...

4.2CVSS0.00203EPSS
Exploits0References5
osv
osv
added last week3 views

CVE-2026-56664 ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...

4.2CVSS6.1AI score0.00203EPSS
Exploits0References7
cvelist
cvelist
added last week31 views

CVE-2026-56664 ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...

4.2CVSS0.00203EPSS
Exploits0References5
osv
osv
added 2026/07/06 8:43 p.m.4 views

GHSA-GV83-GQW6-9J2C GoFiber never set HSTS header in helmet middleware due to incorrect protocol check

Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.8 views

PT-2026-56054

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.4.0 Description The helmet middleware in the Fiber web framework fails to set the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is configured. This occurs because the logic in...

4.8CVSS6AI score0.00212EPSS
Exploits1References7
cgr
cgr
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: flux-source-controller-fips, external-dns, argocd-image-updater-fips, backup-restore-operator, coder, amazon-ssm-agent-fips, crossplane-provider-azure-managedidentity, gitlab-runner-fips, cilium, crossplane-provider-azure-search, falcoctl, aactl,...

6.1AI score
Exploits0
wolfi
wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester, skaffold, scorecard, cluster-api-azure-controller, crossplane-provider-azure-sql, steampipe, gitlab-runner, hcloud, syft, dagger, telegraf, flux-source-controller, terraform-provider-azurerm, kubescape, argo-events, tkn, age, trivy,...

6.1AI score
Exploits0
euvd
euvd
added 2026/06/25 8:44 a.m.9 views

EUVD-2026-39229

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS5.9AI score0.00224EPSS
Exploits0References1
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fixed out-of-bounds access during read/writing of sysfs attributes. Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. Example: vm: echo...

7.1CVSS5.8AI score0.00156EPSS
Exploits0References2
euvd
euvd
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210217

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References2
nvd
nvd
added 2026/06/17 1:19 p.m.11 views

CVE-2025-49403

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
cve
cve
added 2026/06/17 9:50 a.m.12 views

CVE-2025-49403

CVE-2025-49403 affects Premium Age Verification / Restriction for WordPress (WordPress plugin) versions <= 3.0.2. Unauthenticated Arbitrary File Download is reported; Patchstack notes vulnerability in versions

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/17 9:50 a.m.36 views

CVE-2025-49403 WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Download Vulnerability

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Rows per page
Query Builder