Lucene search
K

374 matches found

Nuclei
Nuclei
added 3 days ago17 views

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

8CVSS6.6AI score0.76148EPSS
Exploits0References3
OSV
OSV
added 2026/07/03 12:11 p.m.3 views

OPENSUSE-SU-2026:21231-1 Security update for python-pydata-sphinx-theme

This update for python-pydata-sphinx-theme fixes the following issues: Changes in python-pydata-sphinx-theme: - CVE-2026-13676: fast-uri: failure to canonicalize Unicode/IDN hostnames for HTTP-family URLs allows for bypass bsc1269597 revendor the vendored tarball with updated versions...

7.5CVSS5.9AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 11:16 p.m.11 views

CVE-2026-8023

Zephyr's HTTP server subsys/net/lib/http provides a static-filesystem resource type HTTPRESOURCETYPESTATICFS, available when CONFIGFILESYSTEM is enabled that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled...

7.5CVSS0.00912EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 2:16 p.m.13 views

DEBIAN-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 2:16 p.m.11 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS0.00274EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 1:22 p.m.40 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 1:22 p.m.14 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 1:22 p.m.7 views

EUVD-2026-40093

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 1:22 p.m.3 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS6AI score0.00274EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53267

Name of the Vulnerable Software and Affected Versions fast-uri versions 2.3.1 through 3.1.2 fast-uri version 4.0.0 Description The software fails to canonicalize Unicode Internationalized Domain Names IDN for HTTP-family URLs. This occurs because the IDN conversion path utilizes a helper missing...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53754

Name of the Vulnerable Software and Affected Versions Zephyr versions 4.0.0 through 4.4.0 Description The HTTP server subsys/net/lib/http contains a path traversal flaw when using the static-filesystem resource type HTTP RESOURCE TYPE STATIC FS with CONFIG FILE SYSTEM enabled. Both HTTP/1 and...

7.5CVSS6AI score0.00912EPSS
Exploits1References7
OSV
OSV
added 2026/06/27 12:12 a.m.6 views

GHSA-72R4-9C5J-MJ57 pnpm: `patch-remove` could delete project-selected files outside the patches directory

Summary The patch-remove deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm. A crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This patch validates the...

7.1CVSS5.9AI score0.00257EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/26 10:32 p.m.10 views

EUVD-2026-38083

Authelia has an Edge Case Access Control Rule Mismatch...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 10:32 p.m.3 views

GHSA-J748-H363-WQJ8 Authelia has an Edge Case Access Control Rule Mismatch

Impact CVSSv4 Baseline Score: Low 2.4 CVSSv4 Weighted Score: Low 1.3 The full CVSSv4 Vector for this vulnerability is: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:H/IR:L/AR:L/MAV:N/MAC:H/MAT:P/MPR:L/MVC:L/MVI:N/MVA:N/MSC:L/MSI:N/MSA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Amber...

2.3CVSS5.7AI score0.00283EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 9:16 p.m.8 views

CVE-2026-52884

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory does NOT canonicalize the path before checking. It uses a prefix-based check PathIsPrefix or equivalent that matches paths starting with trusted directory strings. A path traversal using ....\ after a truste...

7.8CVSS0.00155EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 9:5 p.m.13 views

EUVD-2026-37950

Relyra SAML SignatureValue not cryptographically verified - authentication bypass...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:47 p.m.6 views

EUVD-2026-39536

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path an...

9.3CVSS6.2AI score0.00638EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 1:9 p.m.4 views

OESA-2026-2692 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2691 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-53084

Name of the Vulnerable Software and Affected Versions 7-Zip for Windows versions prior to 26.02 Description 7-Zip fails to preserve the Mark-of-the-Web MotW when extracting a specially crafted RAR5 archive. The software uses a guard to suppress archive-supplied Zone.Identifier streams, but it onl...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References11
Rows per page
Query Builder