Lucene search
+L

5184 matches found

EUVD
EUVD
added yesterday9 views

EUVD-2026-45359

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS5.5AI score0.0043EPSS
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-16083

Affected software: Sipeed PicoClaw up to version 0.2.9, specifically the LINE Webhook component (webhook.ParseRequest in pkg/channels/line/line.go). Vulnerability: Authentication bypass via capture-replay. Remote exploitable condition reported; exploit released publicly. Impact: Authentication by...

6.9CVSS5.5AI score0.0043EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday26 views

CVE-2026-16083 Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS0.0043EPSS
Exploits0References6
NVD
NVD
added 2 days ago8 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2 days ago11 views

CVE-2026-15943

A vulnerability in Keycloak's keycloak-services component affects identity provider management. When a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value, the system performs improper validation and reuses the existing real secret even if fields ...

5.5CVSS5.4AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.3AI score0.00207EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2 days ago8 views

CVE-2026-15943

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.3AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago7 views

SUSE CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS6.3AI score0.0083EPSS
Exploits1References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44823

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Google Chrome < 150.0.7871.128 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 150.0.7871.128. It is, therefore, affected by multiple vulnerabilities as referenced in the 202607stable-channel-update-for-desktop049796704 advisory. - Use after free in Aura. CVE-2026-15905 - Use after free in...

5.4AI score
Exploits0References15
NVD
NVD
added 4 days ago7 views

CVE-2026-63175

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-63175

PlaywrightCapture has a vulnerability where capture-specific configuration and runtime data are stored as mutable class-level variables instead of instance-level vars on the Catchure object. This can allow multiple Capture objects in the same Python process to share state such as HTTP headers, co...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago44 views

CVE-2026-63175 Cross-Capture Session Data Leakage Due to Shared Mutable State in Looklyloo - PlaywrightCapture

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS0.00295EPSS
Exploits0References1
OSV
OSV
added 4 days ago6 views

CVE-2026-63175 Cross-Capture Session Data Leakage Due to Shared Mutable State in Looklyloo - PlaywrightCapture

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References4
OSV
OSV
added 4 days ago6 views

JLSEC-2026-764 In affected libpcap versions during the setup of a remote packet capture the internal function...

In affected libpcap versions during the setup of a remote packet capture the internal function sockinitaddress calls getaddrinfo and possibly freeaddrinfo, but does not clearly indicate to the caller function whether freeaddrinfo still remains to be called after the function returns. This makes i...

4.4CVSS6.1AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 4 days ago5 views

JLSEC-2026-765 Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with...

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcapfindalldevsex. One of the function arguments can be a filesystem path, which normally means a directory with...

4.4CVSS6.1AI score0.0022EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44683

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS6.4AI score0.0083EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 4 days ago7 views

CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS6.4AI score0.0083EPSS
Exploits1
Positive Technologies
Positive Technologies
added 4 days ago14 views

PT-2026-60178

Name of the Vulnerable Software and Affected Versions NGINX Plus versions prior to 37.0.3.1 NGINX Open Source versions prior to 1.31.3 NGINX Open Source versions prior to 1.30.4 NGINX Ingress Controller affected versions not specified Gateway Fabric affected versions not specified App Protect WAF...

9.2CVSS8.8AI score0.0083EPSS
Exploits1References24
RedHat Linux
RedHat Linux
added 6 days ago6 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS6AI score0.00123EPSS
Exploits0References5
Rows per page
Query Builder