Lucene search
K

64 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43636

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS6.1AI score0.00204EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-9561

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS6.1AI score0.00204EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/29 5:17 p.m.8 views

CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

6.9CVSS5.9AI score0.00192EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.35 views

CVE-2026-10552 Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS0.00146EPSS
Exploits0References6
NVD
NVD
added 2026/06/19 9:16 p.m.12 views

CVE-2026-47203

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...

6.3CVSS0.00308EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-31019

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

8.8CVSS6.8AI score0.00572EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 1:2 p.m.13 views

CVE-2026-48692

A flaw was found in FastNetMon Community Edition. The gRPC API server, exposed on port 50052, operates without any authentication mechanism. A remote attacker with local network access can exploit this vulnerability to ban arbitrary IP addresses, resulting in a denial of service for legitimate...

8.1CVSS6AI score0.00233EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/26 4:16 p.m.16 views

CVE-2026-48692

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...

8.1CVSS6.2AI score0.00233EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.8 views

CVE-2026-48692

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...

6.2AI score0.00233EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 12:0 a.m.3 views

CVE-2026-48692

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...

8.1CVSS6.3AI score0.00233EPSS
Exploits0References6
Malwarebytes
Malwarebytes
added 2026/04/03 2:37 p.m.9 views

Blocking children from social media is a badly executed good idea

While we can probably all agree that there is more than enough proof that social media is bad for the mental health of our children, the methods we are trying to block or ban them seem to do more harm than good. Across the world, lawmakers are tripping over each other to be seen “doing something”...

6AI score
Exploits0
OSV
OSV
added 2026/03/27 4:42 p.m.6 views

CVE-2026-34362 AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...

5.4CVSS5.8AI score0.00247EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Calibre 访问控制错误漏洞

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer from India. It serves as a comprehensive e-book reading management and format conversion tool. Versions of Calibre prior to 9.4.0 contained a access control error vulnerability. This vulnerability stemmed from a...

5.3CVSS5.8AI score0.00148EPSS
Exploits1References1
Malwarebytes
Malwarebytes
added 2026/01/12 2:4 p.m.5 views

Regulators around the world are scrutinizing Grok over sexual deepfakes

Grok’s failure to block sexualized images of minors has turned a single “isolated lapse” into a global regulatory stress test for xAI’s ambitions. The response from lawmakers and regulators suggests this will not be solved with a quick apology and a hotfix. Last week we reported on Grok's apology...

6.5AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-45067

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.0028EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2025/06/24 9:16 a.m.5 views

U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer CAO, was motivated by worrie...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:40 a.m.9 views

CVE-2022-41961

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...

4.3CVSS6.6AI score0.0028EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/07 6:33 a.m.5 views

Malicious code in client-req-bans (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7b540646327a4a8326c496059737e3bb81af664a3c51951c1a4caeb0e265496 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.6 views

SourceBans++ 安全漏洞

SourceBans++ is a global administration, banning and communication management system for the Source engine by the SourceBans++ Dev team. A security vulnerability exists in SourceBans++ versions prior to v.1.8.0. A remote attacker can exploit this vulnerability to obtain sensitive information via ...

7.5CVSS6.4AI score0.00463EPSS
Exploits0References1
OSV
OSV
added 2024/10/30 3:35 a.m.6 views

MAL-2024-10278 Malicious code in req-bans (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 891a9d8d6df58ad3743a6ec2db7217d78ec1fe0a3d8bb938181ec4ac26ee5489 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Rows per page
Query Builder