Lucene search
K

38693 matches found

EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score
Exploits0References6
Nuclei
Nuclei
added yesterday44 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7AI score0.24141EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday24 views

WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery

The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...

9.1CVSS6.2AI score0.01836EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday52 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS6.3AI score0.01021EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday77 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.6AI score0.0203EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday34 views

WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting

WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...

6.1CVSS6.1AI score0.0203EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday49 views

GPT Academic v1.3.9 - Open Redirect

An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-10812 info: name:...

6.1CVSS6.4AI score0.00574EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday57 views

WordPress PhastPress <1.111 - Open Redirect

WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-24210 info: name: WordPress PhastPress 1.111 - Open...

6.1CVSS6.4AI score0.03066EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday144 views

SAP NetWeaver Development Infrastructure - Server Side Request Forgery

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

9.9CVSS7AI score0.67699EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago139 views

Apache Tomcat - Open Redirect

Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. id: CVE-2018-11784 info: name: Apache Tomcat - Open Redirect author: geeknik severity: medium description: | Apache Tomcat versions...

4.3CVSS6.6AI score0.94494EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 5 days ago3 views

apache-cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: Apache CXF: Token Confusion/Routing attacks due to improper validation of JWT audience claims

A flaw was found in Apache CXF. The JwtAccessTokenValidator class fails to properly validate the 'aud' Audience claims within incoming JSON Web Token JWT access tokens. This vulnerability allows an attacker to reuse a JWT, originally intended for one resource server, against a different resource...

9.1CVSS5.9AI score0.00445EPSS
Exploits0References6
CVE
CVE
added 6 days ago20 views

CVE-2026-15041

The CVE describes a flaw in 389 Directory Server (389-ds-base): non-constant-time comparison in the PBKDF2-SHA256 password verification uses standard memcmp() instead of a constant-time function. This could allow a remote attacker to leverage timing measurements of LDAP bind attempts to infer par...

3.7CVSS5.9AI score0.003EPSS
Exploits0References2Affected Software3
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-60001

A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...

6.5CVSS6AI score0.00265EPSS
Exploits0References6
OSV
OSV
added last week4 views

PYSEC-2026-2008 vantage6 vulnerable to username timing attack

Impact It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks Workarounds No...

3.7CVSS5.9AI score0.00398EPSS
Exploits0References7
CVE
CVE
added 2026/07/07 12:0 a.m.10 views

CVE-2026-37271

CVE-2026-37271 affects Fire-Boltt Smartwatch FB BGS001 (Firmware MOY-JS14-2.0.4). The issue is improper authentication: the device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under certain conditions, previously captured BLE packets can be r...

9.8CVSS6AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 11:17 p.m.15 views

CVE-2024-56141

Minosoft’s open-source Minecraft Java Edition client (Kotlin) uses AES with an IV equal to the secret key in CryptManager.kt since commit f1ae30e2. The non-random IV makes encryption vulnerable to chosen-ciphertext/plaintext attacks, enabling an attacker who can request specific encryptions to re...

5CVSS6AI score0.00111EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 4:18 p.m.4 views

BIT-TOMCAT-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from...

6.5CVSS5.9AI score0.0028EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.22 views

CVE-2025-71342

CVE-2025-71342 affects picklescan prior to 0.0.30, which fails to detect malicious pickle files that use idlelib.run.Executive.runcode in reduce methods. This can allow code embedded in pickle files to execute during pickle.load, enabling remote code execution in PyTorch models and related supply...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:46 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score0.00516EPSS
Exploits0References2
Opera Security Advisories
Opera Security Advisories
added 2026/07/02 12:0 a.m.7 views

Here’s how Opera’s Paste Protect guards you natively against clipboard attacks

News, Security Here’s how Opera’s Paste Protect guards you natively against clipboard attacks Share July 2nd, 2026 At Opera, user security is a top priority. That’s why today, we are excited to announce that Opera is the first browser to introduce Paste Protect: a native defense measure against...

8.8CVSS7.5AI score0.01654EPSS
Exploits4References1
Rows per page
Query Builder