Lucene search
K

9 matches found

CVE
CVE
added 2026/06/19 8:23 p.m.60 views

CVE-2026-48794

CVE-2026-48794 affects Authelia (versions 4.36.0–4.39.19). A domain canonicalization edge case can cause an access control rule to be skipped when it should match a request, under very specific conditions involving forwarded authorization, multi-segment subdomains (e.g., a.b.example.com vs exampl...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 8:16 p.m.8 views

CVE-2026-40280

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

7.8CVSS0.00463EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:52 p.m.3 views

CVE-2026-40280

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

8.8CVSS5.7AI score0.00538EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.15 views

PT-2026-37104

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.30.1 and earlier Description Gotenberg is an API-based document conversion tool. The default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression...

7.8CVSS5.8AI score0.00463EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.5 views

libsoup 安全漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from bypassing cookie domain validation via capitalized characters...

4.3CVSS4.8AI score0.00348EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/06/11 12:40 p.m.20 views

CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

9.8CVSS7.3AI score0.00773EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.10 views

PT-2023-24777 · Grav · Grav

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.42 Description: The issue concerns a flat-file content management system where the denylist, introduced to prevent the execution of dangerous functions via malicious template injection, was insufficient. This allowe...

8.8CVSS7.7AI score0.02074EPSS
Exploits1References13
CNNVD
CNNVD
added 2023/04/20 12:0 a.m.5 views

Open Networking Foundation ONOS 安全漏洞

Open Networking Foundation ONOS is an open source SDN controller from Open Networking Foundation open source. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS version 2.5.1, which stems from an Intent with a capital letter i...

9.8CVSS8.3AI score0.01007EPSS
Exploits1References3
CNVD
CNVD
added 2016/11/07 12:0 a.m.4 views

OIC Exponent CMS Privilege Bypass Vulnerability

OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A privilege bypass...

7.5CVSS6.9AI score0.01406EPSS
Exploits0References1
Rows per page
Query Builder