
Source: OSV | added 2026/02/09 9:31 p.m. | 2 views

GHSA-37GF-GMXV-74WV Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify whether an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer) retrieves the IdP configuration but does not filter...

CVSS 8.8 | AI score 5.8 | EPSS 0.00449
Exploits: 0 | References: 10
Source: Github Security Blog | added 2026/02/09 8:35 p.m. | 6 views

Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Summary:
- The save_images_Asset GraphQL mutation lets a user supply the URL of an image to download. The URL must use a domain name, not a raw IP; that is the only check.
- The attacker sets up a domain (attacker.domain) whose A record points at 169.254.169.254, the AWS instance metadata IP.
- The attacker invokes save_images_Asset with url...

CVSS 6.5 | AI score 5.7 | EPSS 0.00419
Exploits: 1 | References: 6 | Affected software: 1
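The Craft CMS entry above is a DNS-based bypass of an "IP literals are not allowed" check: the fetcher never looks at what the name resolves to. The check below, added here as an example and not Craft CMS's own code, resolves the hostname first and rejects any URL whose resolved addresses fall in loopback, private, link-local (including the 169.254.0.0/16 metadata range) or IPv4-mapped ranges. The resolver is injectable so the example runs offline against a constructed DNS table; images.example.org, dual.example.org and the 203.0.113.x addresses are assumptions, attacker.domain and 169.254.169.254 come from the advisory.

```python
"""Resolve-then-check URL validation for server-side image fetchers.

Added example, not Craft CMS code. The resolver is injectable so the
module runs offline against FAKE_DNS (a constructed table).
"""
import ipaddress
import socket
from typing import Callable, List, Tuple

from urllib.parse import urlsplit

# Constructed DNS table standing in for real zones, including the
# attacker's zone from the advisory (A record -> metadata IP).
FAKE_DNS = {
    "images.example.org": ["203.0.113.10"],
    "attacker.domain": ["169.254.169.254"],
    "dual.example.org": ["203.0.113.11", "10.0.0.5"],  # one good, one bad record
}


def fake_resolve(host: str) -> List[str]:
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"no such host: {host}")


def system_resolve(host: str) -> List[str]:
    """Real resolver for production use: every A/AAAA record, not just the first."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


# Ranges that a public image fetcher should never talk to.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",          # link-local, includes cloud metadata endpoints
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
    "::ffff:0:0/96",           # IPv4-mapped IPv6, e.g. ::ffff:169.254.169.254
)]


def is_blocked_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED) or ip.is_multicast or ip.is_reserved


def vet_image_url(url: str,
                  resolve: Callable[[str], List[str]] = system_resolve
                  ) -> Tuple[bool, str, List[str]]:
    """Returns (allowed, reason, resolved_addresses).

    Rejects non-http(s) schemes, IP literals, and any hostname whose
    *resolved* addresses include a blocked range. All records are
    checked, because an attacker controls how many the zone returns.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed", []
    host = parts.hostname
    if not host:
        return False, "no host", []
    try:
        ipaddress.ip_address(host)
        return False, "IP literal not allowed", []
    except ValueError:
        pass  # a name, as required; now see what it points at
    try:
        addrs = resolve(host)
    except socket.gaierror:
        return False, "resolution failed", []
    bad = [a for a in addrs if is_blocked_address(a)]
    if bad:
        return False, f"resolves to blocked address {bad[0]}", addrs
    return True, "ok", addrs


if __name__ == "__main__":
    for u in ("https://images.example.org/a.png", "https://attacker.domain/a.png",
              "https://dual.example.org/a.png", "https://169.254.169.254/latest/meta-data/"):
        print(u, vet_image_url(u, fake_resolve))
```

The check is only half of the defence: the HTTP client must then connect to one of the vetted addresses rather than resolving the name a second time, otherwise a short-TTL zone can return a clean address to the validator and the metadata address to the fetch (classic DNS rebinding). Redirects need the same treatment on every hop.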
Source: Vulnrichment | added 2026/02/09 8:27 p.m. | 4 views

CVE-2026-25761 Command injection via crafted filenames in Super-linter Action

Super-linter is a combination of multiple linters that runs as a GitHub Action or standalone. In versions 6.0.0 through 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...

CVSS 8.8 | AI score 6.1 | EPSS 0.01325
Exploits: 0 | References: 2
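The Super-linter entry describes the general hazard of handing pull-request filenames to a shell: a name is attacker-chosen text, and a command string such as `lint $FILES` hands that text to the shell's parser. The example below is added here and is not Super-linter's code; it contrasts the string-building pattern (returned, never executed) with passing an argv list and no shell, and uses the Python interpreter itself as a stand-in linter that echoes its arguments so the block runs offline. The crafted names are constructed for the example.

```python
"""Untrusted filenames and subprocess invocation: shell string vs argv list.

Added example, not Super-linter code. The stand-in "linter" is the
Python interpreter echoing its arguments back, so nothing dangerous
is ever executed.
"""
import shlex
import subprocess
import sys
from typing import List

# Constructed filenames of the kind a malicious PR could add to a repo.
CRAFTED = [
    "ok.py",
    "a.sh;id",        # command separator
    "b.sh $(id)",     # command substitution
    "c.sh `id`",      # backtick substitution
    "d.sh|id",        # pipe
    "-rf",            # looks like an option to the tool
]

# Characters the shell gives meaning to; a filename containing any of
# them is a red flag in CI and worth failing the job on.
SHELL_META = set(";|&$`<>(){}\n'\"\\*?[]!")


def suspicious_filenames(names: List[str]) -> List[str]:
    return [n for n in names if (set(n) & SHELL_META) or n.startswith("-")]


def shell_command_string(tool: str, names: List[str]) -> str:
    """Vulnerable pattern: interpolating names into one shell string.
    Returned for inspection only; running it through `sh -c` would
    execute the embedded commands."""
    return f"{tool} {' '.join(names)}"


def shell_command_string_quoted(tool: str, names: List[str]) -> str:
    """If a shell string is unavoidable, quote every name; shlex.quote
    wraps anything outside the safe character set in single quotes."""
    return " ".join([tool] + [shlex.quote(n) for n in names])


def run_linter_argv(names: List[str]) -> List[str]:
    """Safe pattern: argv list, shell=False. Each name reaches the tool
    as exactly one argument, metacharacters included. Options after
    `-c code` are passed straight into sys.argv, so even "-rf" survives;
    a real linter would additionally get a "--" before the names."""
    argv = [sys.executable, "-c",
            "import sys; print('\\n'.join(sys.argv[1:]))",
            *names]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    print("would have run:", shell_command_string("lint", CRAFTED))
    print("quoted        :", shell_command_string_quoted("lint", CRAFTED))
    print("argv result   :", run_linter_argv(CRAFTED))
    print("suspicious    :", suspicious_filenames(CRAFTED))
```

The same reasoning applies in a shell-only workflow step: iterate with `git diff --name-only -z` and `while IFS= read -r -d '' f`, and pass `"$f"` quoted to the linter, rather than word-splitting the output of a command substitution.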
Source: RedhatCVE | added 2026/02/09 7:23 p.m. | 6 views

CVE-2026-2145

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check in the Web Management Interface component. Manipulation of the argument nginxDir leads to cross-site scripting. The attack can be executed remotely...

CVSS 5.4 | AI score 3.6 | EPSS 0.00264
Exploits: 1 | References: 1
Source: RedhatCVE | added 2026/02/09 7:23 p.m. | 6 views

CVE-2026-2169

A vulnerability has been found in D-Link DWR-M921 1.1.50. It impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the publi...

CVSS 8.8 | AI score 5.5 | EPSS 0.02607
Exploits: 1 | References: 1
Source: HackRead | added 2026/02/09 6:16 p.m. | 5 views

Cyber Attack Hits European Commission Staff Mobile Systems

The European Commission reports a cyber attack on its central mobile infrastructure that may have exposed staff names and phone numbers...

AI score 5.5
Exploits: 0
Source: Microsoft Secure | added 2026/02/09 5:12 p.m. | 9 views

A one-prompt attack that breaks LLM safety alignment

Large language models (LLMs) and diffusion models now power a wide range of applications, from document assistance to text-to-image generation, and users increasingly expect these systems to be safety-aligned by default. Yet safety alignment is only as robust as its weakest failure mode. Despite...

AI score 5.7
Exploits: 0
Source: The Hacker News | added 2026/02/09 2:42 p.m. | 10 views

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft has revealed that it observed a multi-stage intrusion in which the threat actors exploited internet-exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and then moved laterally across the organization's network to other high-value assets. That said, the Microsoft...

CVSS 9.8 | AI score 8.2 | EPSS 0.8833
Exploits: 7
Source: RedhatCVE | added 2026/02/09 1:23 p.m. | 12 views

CVE-2026-2147

A weakness has been identified in Tenda AC21 16.03.08.16. It impacts an unknown function of the file /cgi-bin/DownloadLog in the Web Management Interface component. Manipulation can lead to information disclosure. The attack may be performed remotely. The exploit has been made...

CVSS 6.9 | AI score 5.1 | EPSS 0.00521
Exploits: 1 | References: 1
Source: RedHat Linux | added 2026/02/09 11:57 a.m. | 6 views

iperf3: iperf Heap Buffer Overflow

A flaw was found in iperf3. An off-by-one error in the iperf_auth.c file leads to a heap-based buffer overflow, potentially allowing a network attacker to trigger an application-level denial of service. The overflow occurs during the processing of authentication data. The vulnerability can only b...

CVSS 10 | AI score 5.9 | EPSS 0.00365
Exploits: 0 | References: 6
Source: GithubExploit | added 2026/02/09 11:39 a.m. | 200 views

Exploit for CVE-2025-8671

CVE-2025-8671-vulnerability-POC- CVE-2025-8671 vulnerability P...

CVSS 7.5 | AI score 5.5 | EPSS 0.04604
Exploits: 3
Source: Cvelist | added 2026/02/09 10:02 a.m. | 35 views

CVE-2026-2227 D-Link DCS-931L setSystemAdmin doSystem command injection

A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This...

CVSS 5.8 | EPSS 0.05351
Exploits: 1 | References: 6
Source: OSV | added 2026/02/09 9:30 a.m. | 3 views

GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact: Server-Side Request Forgery (SSRF). A security vulnerability exists in the mcp-run-python tool, specifically within the Pydantic-AI integration, due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime, which is intended to isolate the execution of untrusted...

CVSS 5.8 | AI score 6.2 | EPSS 0.00165
Exploits: 0 | References: 3
Source: NVD | added 2026/02/09 9:16 a.m. | 35 views

CVE-2026-25905

The Python code run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, so any Python code can use the Pyodide APIs to modify the JS environment. This may allow an attacker to hijack the MCP server for malicious purposes, including MCP tool shadowing...

CVSS 5.8 | EPSS 0.00177
Exploits: 0 | References: 1
Source: NVD | added 2026/02/09 9:16 a.m. | 8 views

CVE-2026-2225

A flaw has been found in itsourcecode News Portal Project 1.0. It affects unknown code of the file /admin/index.php in the Administrator Login component. Manipulation of the argument email causes SQL injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00416
Exploits: 1 | References: 6
Source: CVE | added 2026/02/09 7:39 a.m. | 38 views

CVE-2026-22903

Affects lighttpd-based server variants (modified lighttpd) where an unauthenticated remote attacker can send a crafted HTTP request with an overly long SESSIONID cookie. The underlying issue is a stack buffer overflow triggered by the oversized cookie, leading to server crashes and potentially r...

CVSS 9.8 | AI score 6.7 | EPSS 0.00667
Exploits: 0 | References: 1
Source: Vulnrichment | added 2026/02/09 7:20 a.m. | 4 views

CVE-2026-2236 HGiga|C&Cm@il - SQL Injection

C&Cm@il, developed by HGiga, has a SQL injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands and read database contents...

CVSS 8.7 | AI score 6.3 | EPSS 0.0041
Exploits: 0 | References: 2
Source: OSV | added 2026/02/09 5:16 a.m. | 4 views

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

CVSS 5.3 | AI score 5.7
Exploits: 0 | References: 1
Source: NVD | added 2026/02/09 4:15 a.m. | 7 views

CVE-2025-66600

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The product lacks an HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a man-in-the-middle (MITM) attack, communications with the web server could be sniffed. The affected products and...

CVSS 8.8 | EPSS 0.00308
Exploits: 0 | References: 1
Source: CVE | added 2026/02/09 3:35 a.m. | 11 views

CVE-2025-66596

CVE-2025-66596 affects Yokogawa FAST/TOOLS. The issue is improper validation of request headers: an attacker supplying an invalid Host header can cause users to be redirected to malicious sites. Affected FAST/TOOLS packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB, across versions R9.01 to R1...

CVSS 6.9 | AI score 5.3 | EPSS 0.00153
Exploits: 0 | References: 1 | Affected software: 1
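Two of the FAST/TOOLS entries above (the missing HSTS header and the Host-header-driven redirect) are generic web-tier hardening gaps that are usually closed in front of the application rather than inside it. The WSGI middleware below is an added example written for this page, not Yokogawa's code: it rejects any request whose Host is not on an explicit allowlist, builds redirect targets only from a vetted host, and stamps Strict-Transport-Security onto responses served over TLS. The hostnames, the sample app and the request environments are constructed for the example.

```python
"""Host-header allowlisting and HSTS as WSGI middleware.

Added example, not FAST/TOOLS code. The host names and requests below
are constructed; the middleware works with any WSGI application.
"""
from typing import Dict, Iterable, Optional, Tuple

HSTS_VALUE = "max-age=31536000; includeSubDomains"


def normalize_host(host: Optional[str]) -> Optional[str]:
    """Lower-cases and strips the port; returns None for an empty header."""
    if not host:
        return None
    host = host.strip().lower()
    if host.startswith("["):                  # IPv6 literal such as [::1]:8443
        end = host.find("]")
        return host[: end + 1] if end != -1 else None
    return host.split(":", 1)[0] or None


def host_allowed(host: Optional[str], allowlist: Iterable[str]) -> bool:
    return normalize_host(host) in {h.lower() for h in allowlist}


def safe_redirect_target(environ: dict, path: str, allowlist: Iterable[str]) -> Optional[str]:
    """Absolute redirect built from a vetted host, never from the raw
    header, so an attacker cannot steer Location to their own site."""
    host = normalize_host(environ.get("HTTP_HOST"))
    if host is None or host not in {h.lower() for h in allowlist}:
        return None
    scheme = environ.get("wsgi.url_scheme", "https")
    return f"{scheme}://{host}{path}"


class HardeningMiddleware:
    def __init__(self, app, allowed_hosts: Iterable[str]):
        self.app = app
        self.allowed_hosts = {h.lower() for h in allowed_hosts}

    def __call__(self, environ, start_response):
        if not host_allowed(environ.get("HTTP_HOST"), self.allowed_hosts):
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"invalid Host header\n"]

        def _start(status, headers, exc_info=None):
            # HSTS is only meaningful on TLS responses; browsers ignore it over http.
            if environ.get("wsgi.url_scheme") == "https":
                headers = [(k, v) for k, v in headers
                           if k.lower() != "strict-transport-security"]
                headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return self.app(environ, _start)


def call_app(app, environ) -> Tuple[str, Dict[str, str], bytes]:
    """Minimal WSGI driver for offline testing: (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]


def make_environ(host: str, scheme: str = "https", path: str = "/") -> dict:
    """Constructed request environment (hostnames are assumptions)."""
    return {"HTTP_HOST": host, "wsgi.url_scheme": scheme,
            "PATH_INFO": path, "REQUEST_METHOD": "GET"}


app = HardeningMiddleware(demo_app, ["scada.example.net", "[::1]"])

if __name__ == "__main__":
    for h in ("scada.example.net", "SCADA.example.net:443", "evil.example"):
        print(h, call_app(app, make_environ(h))[:2])
```

The allowlist is the whole point: a comparison against `SERVER_NAME` or the first vhost is what lets an arbitrary Host through in the first place. Pair this with a TLS listener that has been verified to work before turning on `includeSubDomains`, since HSTS caches for its full max-age on the client.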