Lucene search
K

1345 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.8CVSS5.9AI score0.00342EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.6AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 6:31 p.m.32 views

CVE-2026-5411 WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS0.00449EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 a.m.13 views

CVE-2026-6657

A flaw was found in jupyter-server. A remote attacker can bypass Cross-Origin Resource Sharing CORS origin validation when the alloworiginpat configuration is used. This vulnerability allows malicious domains to pass validation against patterns intended for trusted domains. This could lead to...

8.8CVSS5.7AI score0.00197EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/05 3:16 a.m.13 views

SUSE CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

8.8CVSS6AI score0.00197EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-47032

Name of the Vulnerable Software and Affected Versions WP Captcha PRO versions prior to 5.39 Description The plugin is susceptible to arbitrary file upload, which can lead to remote code execution. The issue stems from a flawed capability check in the save ajax function within the licensing module...

8.8CVSS5.9AI score0.00449EPSS
Exploits0References7
NVD
NVD
added 2026/06/03 4:16 p.m.11 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

8.8CVSS0.00197EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/03 3:6 p.m.45 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS0.00197EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/03 3:6 p.m.12 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6AI score0.00197EPSS
Exploits1References1
CVE
CVE
added 2026/06/03 3:6 p.m.28 views

CVE-2026-6657

CVE-2026-6657 affects jupyter-server versions 1.12.0–2.17.0. Root cause: use of re.match() for Origin validation in allow_origin_pat, allowing attacker-controlled domains to bypass CORS checks (e.g., trusted.example.com.evil.com) across CORS headers, WebSocket, referer validation, and login redir...

8.8CVSS6.6AI score0.00197EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/03 11:16 a.m.9 views

DEBIAN-CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.5AI score0.00468EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 11:16 a.m.10 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.00468EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 9:39 a.m.11 views

EUVD-2026-34069

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/03 9:39 a.m.8 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.5AI score0.00468EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/03 9:39 a.m.7 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/03 9:39 a.m.11 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 9:39 a.m.131 views

CVE-2026-47065

CVE-2026-47065 (Apache MINA context) describes two deserialization bypass issues: first, resolveProxyClass bypasses the accept/allow-list when JDK resolves proxy interfaces from a serialized proxy via ObjectInputStream.readProxyDesc(), and second, readClassDescriptor triggers static initializers ...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.26 views

PT-2026-45913

Name of the Vulnerable Software and Affected Versions Java affected versions not specified Description Two issues exist regarding Java deserialization filters. First, a filter bypass occurs when a serialized stream contains a TC PROXYCLASSDESC marker for a java.lang.reflect.Proxy. In this case,...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-6657

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is...

8.8CVSS6.6AI score0.00197EPSS
Exploits1References3
OSV
OSV
added 2026/06/02 7:8 p.m.12 views

EEF-CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme wit...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References4
Rows per page
Query Builder