Lucene search
K

236 matches found

RedHat Linux
RedHat Linux
added 2 days ago7 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
OSV
OSV
added 6 days ago2 views

GHSA-77PV-3W4Q-VRJ5 OpenClaw: QQBot pre-dispatch slash commands could skip allowFrom checks

Summary QQBot pre-dispatch slash commands could skip allowFrom checks. In affected versions, a QQBot sender able to invoke slash commands could dispatch the command before applying the configured allowFrom policy. This advisory is scoped to the named feature and configuration. It does not change...

6.9CVSS6AI score0.00192EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00552EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40745

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53878

Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.7 Description A middleware scoping flaw exists where plugin prefixes are not applied to middleware mount paths when the mount path is provided as an array or a regular expression. This occurs due to...

9.1CVSS6AI score0.00295EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-13676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP- family URLs. The IDN conversion path calls a helper that do...

7.5CVSS6AI score0.00274EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.7 views

PT-2026-53267

Name of the Vulnerable Software and Affected Versions fast-uri versions 2.3.1 through 3.1.2 fast-uri version 4.0.0 Description The software fails to canonicalize Unicode Internationalized Domain Names IDN for HTTP-family URLs. This occurs because the IDN conversion path utilizes a helper missing...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References13
Debian
Debian
added 2026/06/26 3:6 p.m.10 views

[SECURITY] [DSA 6370-1] incus security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6370-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 26, 2026 https://www.debian.org/security/faq -...

6.1AI score0.00025EPSS
Exploits0
OSV
OSV
added 2026/06/25 9:31 p.m.4 views

GHSA-QHMF-XW27-6RQR MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments

Summary MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic typ...

6.3CVSS5.9AI score0.00246EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 3:45 p.m.13 views

CVE-2026-54040

Summary of CVE-2026-54040 (LibreChat): Before version 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring a valid TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim’s 2F...

7.1CVSS6AI score0.0015EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/06/23 9:22 p.m.4 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray method, which allowlists an array based only on clazz.isArray and does not validate the array's component type. An attacker who...

9.2CVSS5.8AI score0.00677EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.7 views

CVE-2026-56321

Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...

6.9CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.13 views

CVE-2026-56321

Capgo (backend Supabase edge functions) before 12.128.2 fails to apply the global authentication middleware to GET /private/role_bindings/:org_id, unlike POST/DELETE for the same resource. Unaunthenticated requests reach the handler instead of middleware rejection, but the handler still performs ...

6.9CVSS5.9AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 8:23 p.m.22 views

CVE-2026-48794 Authelia has an Edge Case Access Control Rule Mismatch

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS0.00283EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 8:23 p.m.55 views

CVE-2026-48794

CVE-2026-48794 affects Authelia (versions 4.36.0–4.39.19). A domain canonicalization edge case can cause an access control rule to be skipped when it should match a request, under very specific conditions involving forwarded authorization, multi-segment subdomains (e.g., a.b.example.com vs exampl...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 8:17 p.m.4 views

DEBIAN-CVE-2026-48817

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49569

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.30 Description The parse options header function parsed Content-Disposition and Content-Type headers using email.message.Message, which applies RFC 2231/5987 decoding. This allows extended parameter synta...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.9 views

SUSE CVE-2026-43660

A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.24 views

PT-2026-46859

Summary The jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds to JWT verification. A request presenting a valid JWT under a non-Bearer scheme identifier such a...

6.5CVSS5.7AI score0.00199EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/02 11:27 a.m.12 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.01127EPSS
Exploits1References6
Rows per page
Query Builder