Lucene search
+L

2734 matches found

nuclei
nuclei
added 10 hours ago151 views

Flowise 1.6.5 - Authentication Bypass

The flowise version = 1.6.5 is vulnerable to authentication bypass vulnerability. id: CVE-2024-31621 info: name: Flowise 1.6.5 - Authentication Bypass author: DhiyaneshDK severity: high description: | The flowise version = 1.6.5 is vulnerable to authentication bypass vulnerability. impact: |...

7.6CVSS7AI score0.59867EPSS
Exploits4References3
nuclei
nuclei
added 10 hours ago82 views

Nacos <1.4.1 - Authentication Bypass

This template only works on Nuclei engine prior to version 2.3.3 and version = 2.3.5. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nac...

9.8CVSS7.1AI score0.74242EPSS
Exploits2References5
nuclei
nuclei
added 10 hours ago408 views

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

9.8CVSS7AI score0.53879EPSS
Exploits3References5
cve
cve
added yesterday9 views

CVE-2026-47160

Vaultwarden is affected by a server-side request forgery (SSRF) in the /icons/{domain}/icon.png endpoint, where decimal/hexadecimal/octal IP representations bypassed should_block_address() and post_resolve() checks, enabling blind internal network or port discovery. The issue is fixed in version ...

5.8CVSS6.1AI score0.00048EPSS
Exploits0References4
cvelist
cvelist
added 2 days ago26 views

CVE-2026-45066 Symfony: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

2.3CVSS0.00454EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2 days ago4 views

CVE-2026-50303 Windows Key Guard Security Feature Bypass Vulnerability

...

5.5CVSS6.1AI score0.00207EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago3 views

CVE-2026-49783 Secure Boot Security Feature Bypass Vulnerability

...

7.8CVSS6.1AI score0.00263EPSS
Exploits0References1
mscve
mscve
added 2 days ago7 views

Secure Boot Security Feature Bypass Vulnerability

Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.8CVSS6.1AI score0.00263EPSS
Exploits0
cve
cve
added 3 days ago9 views

CVE-2026-62184

CVE-2026-62184 affects the OpenWrt luci-app-banip component. The issue is a log-parsing vulnerability in an awk-based parser that always extracts the first IPv4 address from a log line, regardless of its actual field position. An unauthenticated remote attacker can inject an IP address via attack...

8.7CVSS6.2AI score0.00445EPSS
Exploits0References3
cve
cve
added 6 days ago8 views

CVE-2026-49213

TypeBot prior to version 3.17.2 contains an SSRF protection bypass in the shared validator (packages/lib/src/ssrf/validateHttpReqUrl.ts). The validator allows the IPv6 unspecified address :: (and its expanded form) to bypass local, metadata, and private range checks, enabling a workspace editor/c...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/09 5:8 p.m.35 views

CVE-2026-13461 PayRange version 7.0.7 contains a JavaScript injection vulnerability

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...

0.0034EPSS
Exploits0References2
redhat
redhat
added 2026/07/09 2:49 p.m.4 views

fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator URL containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization...

7.5CVSS7.2AI score0.00521EPSS
Exploits0References6
redhat
redhat
added 2026/07/09 9:24 a.m.6 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS5.9AI score0.00189EPSS
Exploits0References6
redhat
redhat
added 2026/07/08 9:46 p.m.6 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.2AI score0.21691EPSS
Exploits6References3
cvelist
cvelist
added 2026/07/08 8:50 p.m.33 views

CVE-2026-55778 Parse Server: Stored XSS via non-standard file extension bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.11 and 8.6.81, the default fileUpload.fileExtensions blocklist could be bypassed by uploading a file with a non-standard or compound extension and dangerous content type,...

2.1CVSS0.00406EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/08 7:56 p.m.33 views

CVE-2026-8801 File Extension Restriction Bypass in MOVEit Transfer

Path equivalence: vulnerability in Progress MOVEit Transfer File Upload modules. This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4...

3.5CVSS0.00311EPSS
Exploits0References1
cve
cve
added 2026/07/08 7:40 p.m.9 views

CVE-2026-58251

CVE-2026-58251 affects NATS Server prior to version 2.14.0, 2.12.7, and 2.11.16. An authenticated user with subscription deny permissions could bypass a plain Subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when ...

6.5CVSS6AI score0.00463EPSS
Exploits0References7Affected Software1
redhat
redhat
added 2026/07/08 6:28 p.m.8 views

jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...

8.1CVSS6.2AI score0.00617EPSS
Exploits1References7
redhat
redhat
added 2026/07/08 4:38 p.m.6 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS6.1AI score0.21691EPSS
Exploits6References5
osv
osv
added 2026/07/08 12:0 a.m.2 views

ALSA-2026:36790 Important: tomcat9 security, bug fix, and enhancement update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

7.5CVSS7AI score0.21691EPSS
Exploits6References6
Rows per page
Query Builder