Lucene search
+L

136 matches found

CVE
CVE
added 4 days ago12 views

CVE-2026-15076

Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.9 views

PT-2026-57272

Name of the Vulnerable Software and Affected Versions MCP Server Kubernetes versions prior to 3.9.0 Description An argument injection issue exists in the structured tools kubectl get, kubectl describe, and kubectl delete. Improper input validation and argument parsing allow the resourceType and...

9.8CVSS6.1AI score0.00421EPSS
Exploits1References14
Microsoft CVE
Microsoft CVE
added 2026/07/09 8:1 a.m.6 views

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.

...

5.4CVSS6.1AI score0.00241EPSS
Exploits0
OSV
OSV
added 2026/07/08 1:16 a.m.6 views

DEBIAN-CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 12:4 a.m.7 views

EUVD-2026-42137

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS6AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:4 a.m.126 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS0.00241EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/08 12:4 a.m.7 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6AI score0.00241EPSS
Exploits0
OSV
OSV
added 2026/07/08 12:4 a.m.3 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS6.1AI score0.00241EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/07/08 12:4 a.m.9 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56286

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The sftp client does not properly constrain the location of downloaded files when the command sftp server:/path . is used to connect to an attacker-controlled server. Recommendations Update to version...

6.5CVSS6.1AI score0.00265EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55971

Name of the Vulnerable Software and Affected Versions OpenAI Codex for macOS affected versions not specified Description The desktop application renders remote images from Markdown within model responses. An attacker can use indirect prompt injection—a technique where malicious instructions are...

6.5CVSS6AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 7:41 p.m.40 views

CVE-2026-59096 Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS0.00246EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52565

Name of the Vulnerable Software and Affected Versions OHIF affected versions not specified Description The DICOMWebProxy and DICOMJSON data sources, when used with default configurations, fetch an arbitrary URL parameter without proper validation. A global authentication service within the...

8.3CVSS6AI score0.00232EPSS
Exploits0References8
OSV
OSV
added 2026/06/11 7:16 a.m.13 views

MAL-2026-5596 Malicious code in 0x2ai-demo8x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6d1ce2d7b8faa5bde122eb2bc6e0a79fec5f5720cfa7de0718a0c8948b344d6 On npm install, scripts/postinstall.cjs copies the package's payload/ tree into INITCWD the consumer's project root using fs.cpSync,...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 5:17 p.m.11 views

ALPINE-CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.37 views

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

0.00349EPSS
Exploits0References6
OSV
OSV
added 2026/06/08 4:16 p.m.3 views

ALPINE-CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.9AI score0.00598EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 3:11 p.m.10 views

CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00562EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47323

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer over-read occurs during outbound OCSP Online Certificate Status Protocol requests sent to an attacker-controlled OCSP server. A buffer over-read is a condition where a syste...

7.5CVSS5.6AI score0.00937EPSS
Exploits0References154
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.13 views

CVE-2026-23818

A vulnerability has been identified in the graphical user interface GUI of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an...

9.6CVSS5.7AI score0.00321EPSS
Exploits0References1
Rows per page
Query Builder