Lucene search
K

33949 matches found

Snyk
Snyk
added 2026/05/08 12:0 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition. An attacker can exhaust memory or trigger unbounded recursive function composition by supplying crafted function definitions that...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.8 views

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40989 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.8 views

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.9 views

ch.admin.bit.jeap:jeap-spring-boot-config-starter (>=17.16.0 <=18.5.0), ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=7.4.5) +901 more potentially affected by CVE-2026-40989 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =17.16.0, =4.0.0, =1.0.0, =1.0.1, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2026-40989 Source advisory:...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.10 views

ch.admin.bit.jeap:jeap-spring-boot-config-starter (>=17.16.0 <=18.5.0), ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=7.4.5) +901 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =17.16.0, =4.0.0, =1.0.0, =1.0.1, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2026-40990 Source advisory:...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.24 views

PT-2026-39208

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.11 Description The isInternalAddress function in packages/service/common/system/utils.ts fails to properly block cloud metadata endpoints. The function uses a fullUrl.startsWith check against a hardcoded list tha...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

FilePress 注入漏洞

FilePress is a file-driven website building system developed by zyx0814. It supports cloud storage management and multi-mode file display. Versions of FilePress 2.2.0 and earlier had an injection vulnerability. This vulnerability stemmed from improper handling of the order parameter in the Shares...

7.5CVSS7.2AI score0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-38648

Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT 4.14.11 and earlier have code vulnerabilities. These vulnerabilities stem from the use of a hardcoded list in the isInternalAddress function for checking...

7.7CVSS5.9AI score0.00213EPSS
Exploits0References2
Veeam
Veeam
added 2026/05/08 12:0 a.m.17 views

Unstructured Data Backup from Google Cloud Storage fails with a Bad Request error

Challenge An Unstructured Data Backup of data from Google Cloud Storage added to Veeam Backup & Replication as an S3-Compatible Object Storage data source fails with the following error: Failed to perform object backup Error: Agent: Failed to process method NasMaster.ExecuteBackupProcessor: Faile...

5.8AI score
Exploits0Affected Software1
OSV
OSV
added 2026/05/07 10:32 p.m.5 views

GHSA-39J6-4867-GG4W utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS / loopback allowlist, but calltool and calltoolstreaming reuse...

4.7CVSS5.9AI score0.00168EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 10:16 p.m.19 views

CVE-2026-35428

Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...

9.6CVSS0.00933EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 9:28 p.m.4 views

GHSA-8MC6-XJPR-H98X Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo

Summary The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest no SSRF protection instead of SendSafeRequest which has ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...

7.7CVSS5.9AI score
Exploits0References3
CVE
CVE
added 2026/05/07 8:58 p.m.20 views

CVE-2026-35428

CVE-2026-35428 affects Azure Cloud Shell and is described as improper neutralization of special elements used in a command (command injection) that allows an unauthorized attacker to perform spoofing over a network. The available references consistently attribute the issue to command injection wi...

9.6CVSS5.8AI score0.00933EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/07 8:58 p.m.43 views

CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability

...

9.6CVSS0.00933EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 8:58 p.m.9 views

CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability

...

9.6CVSS5.8AI score0.00933EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 8:58 p.m.6 views

CVE-2026-35428

Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...

9.6CVSS5.8AI score0.00933EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 8:46 p.m.8 views

CVE-2026-42449 n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 6:8 p.m.15 views

CVE-2026-41905

FreeScout (PHP Laravel) before version 1.8.217 is affected by an SSRF issue in Helper::sanitizeRemoteUrl() where curlGetLastRedirectedUrl() returns the final destination URL but the code re-validates the original URL. This allows an attacker who can supply a URL passing the initial host check to ...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/07 5:45 p.m.13 views

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, productivity, and...

5.8AI score
Exploits0
Rows per page
Query Builder