Lucene search
K

4591 matches found

Circl
Circl
added 2026/06/29 7:30 a.m.8 views

CVE-2026-10083

creationtimestamp| type| source ---|---|--- 2026-06-29 07:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116832221707811519 2026-06-29 07:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mpfxrflfcf2b 2026-06-29 07:54:05+00:00| seen|...

7.5CVSS5.8AI score0.00204EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 a.m.5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53690

Name of the Vulnerable Software and Affected Versions CSS::Minifier::XS versions prior to 0.14 Description The minify function contains a memory leak that occurs when processing a document consisting entirely of characters intended for removal, such as whitespace and comments, resulting in the...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References5
NVD
NVD
added 2026/06/28 2:16 a.m.8 views

CVE-2026-58057

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...

5CVSS0.0024EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.44 views

CVE-2026-58057 Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...

5CVSS0.0024EPSS
Exploits1References3
CVE
CVE
added 2026/06/28 1:32 a.m.27 views

CVE-2026-58057

Flowise before 3.1.3 is affected: a case-sensitive denylist for Custom MCP stdio environment variables allows bypass on Windows (case-insensitive env names). An authenticated user who can configure a Custom MCP node can inject NODE_OPTIONS --require to execute arbitrary code in the Flowise server...

5CVSS6.1AI score0.0024EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/28 12:30 a.m.9 views

EUVD-2026-39968

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References4
NVD
NVD
added 2026/06/28 12:16 a.m.11 views

CVE-2026-8095

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

8.1CVSS0.00417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53089

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.3 Description An authenticated user can execute arbitrary code in the server context by configuring a Custom MCP node. The issue occurs because environment variables are validated against a denylist using a...

5CVSS6.1AI score0.0024EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-13035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral...

8.8CVSS6.2AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/06/27 11:28 p.m.16 views

CVE-2026-8095

CVE-2026-8095 — The Frontend File Manager Plugin for WordPress (up to version 23.6) is vulnerable to Authenticated Arbitrary File Deletion. A case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler allows an attacker to overwrite the stored file...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/27 11:28 p.m.27 views

CVE-2026-8095 Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

8.1CVSS0.00417EPSS
Exploits0References3
Circl
Circl
added 2026/06/27 5:58 a.m.9 views

CVE-2026-13331

creationtimestamp| type| source ---|---|--- 2026-06-27 05:58:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mparov4yk72s 2026-06-27 08:16:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mpazf6ojtj2g 2026-06-29 19:22:24+00:00| seen|...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References3
Circl
Circl
added 2026/06/26 11:45 p.m.12 views

CVE-2026-52785

creationtimestamp| type| source ---|---|--- 2026-06-26 23:45:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpa4twxjql23 2026-06-28 19:00:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpenuzqf3u2x...

9.9CVSS5.8AI score0.00221EPSS
Exploits0References2
Circl
Circl
added 2026/06/26 10:50 p.m.7 views

CVE-2026-54350

creationtimestamp| type| source ---|---|--- 2026-06-26 22:50:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp7zrsqa4s2x 2026-06-27 20:01:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpcarllaqs2c 2026-06-29 19:21:10+00:00| seen|...

10CVSS5.8AI score0.00538EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/26 10:32 p.m.9 views

EUVD-2026-38083

Authelia has an Edge Case Access Control Rule Mismatch...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 10:10 p.m.3 views

GHSA-2FMJ-P74R-3WJM PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

Summary pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist: php if 0 === \strpos$filename, 'phar://' throw new \InvalidArgumentException'The output file cannot be a phar archive.'; PHP stream wrappers are case-insensitive, so...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.3 views

Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...

9.8CVSS6.5AI score0.0178EPSS
Exploits5Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 1:14 a.m.7 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.5AI score0.00405EPSS
Exploits0
Rows per page
Query Builder