
33944 matches found

vulnersOsv
added 2026/05/06 12:0 a.m. | 9 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40981 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40981 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439020...

CVSS 7.5 | AI score 5.8 | EPSS 0.00435
Exploits: 0

vulnersOsv
added 2026/05/06 12:0 a.m. | 11 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.06.01 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-41004 Source advisory:...

CVSS 4.4 | AI score 5.7 | EPSS 0.00168
Exploits: 0

vulnersOsv
added 2026/05/06 12:0 a.m. | 8 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.06.01 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-40982 Source advisory:...

CVSS 9.1 | AI score 5.7 | EPSS 0.00727
Exploits: 0

vulnersOsv
added 2026/05/06 12:0 a.m. | 7 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-40981 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.06.01 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-40981 Source advisory:...

CVSS 7.5 | AI score 5.7 | EPSS 0.00435
Exploits: 0

vulnersOsv
added 2026/05/06 12:0 a.m. | 9 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.06.01 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-41002 Source advisory:...

CVSS 8.1 | AI score 5.7 | EPSS 0.0022
Exploits: 0

Github Security Blog
added 2026/05/05 8:53 p.m. | 15 views

MagicMirror vulnerable to unauthenticated SSRF via /cors endpoint

Summary An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environme...

CVSS 9.2 | AI score 6 | EPSS 0.01623
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2026/05/05 8:29 p.m. | 10 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL function. An attacker can access internal network resources and sensitive cloud metadata by submitting specially crafted URLs that use IPv4-mapped IPv6 notation, which bypasses the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00226
Exploits: 0 | References: 3

NVD
added 2026/05/05 8:16 p.m. | 8 views

CVE-2026-40280

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

CVSS 7.8 | EPSS 0.00463
Exploits: 1 | References: 3

EUVD
added 2026/05/05 7:19 p.m. | 9 views

EUVD-2026-27452

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

CVSS 8.3 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 1

CVE
added 2026/05/05 7:19 p.m. | 16 views

CVE-2026-33975

CVE-2026-33975 affects Twenty-server SSRF protection in Twenty (NestJS) and can be bypassed in versions ≤ 1.18.0 by using IPv4-mapped IPv6 literals. The Node.js URL parser normalizes these to hex form (for example ::ffff:169.254.169.254 to ::ffff:a9fe:a9fe), while the isPrivateIp utility only rec...

CVSS 8.3 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 1

vulnersOsv
added 2026/05/05 6:33 p.m. | 11 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.4.13) +38 more potentially affected by CVE-2026-35192 via django (>=6.0.0 <=6.0.4)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 - django-tasks-aws =0.2.0b1 and more Source cves: CVE-2026-35192 Source advisory: OSV:GHSA-7H2M-M8VJ-598H...

CVSS 6.5 | AI score 5.4 | EPSS 0.00544
Exploits: 0

Snyk
added 2026/05/05 6:21 p.m. | 9 views

Server-side Request Forgery (SSRF)

Overview firefighter-incident is an Incident Management tool made for Slack using Django Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CreateJiraBotView class. An attacker can access internal resources and exfiltrate sensitive data by submitting...

CVSS 9.9 | AI score 5.9 | EPSS 0.00272
Exploits: 0 | References: 3

RedHat Linux
added 2026/05/05 6:18 p.m. | 9 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.11.0 General Availability

The multicluster engine for Kubernetes 2.11 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.11 images The multicluster engine for Kubernetes provides the foundational components that a...

CVSS 9.8 | AI score 7.3 | EPSS 0.00978
Exploits: 1 | References: 2

vulnersOsv
added 2026/05/05 5:30 p.m. | 13 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.4.13) +38 more potentially affected by CVE-2026-6907 via django (>=6.0.0 <=6.0.4)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 - django-tasks-aws =0.2.0b1 and more Source cves: CVE-2026-6907 Source advisory: SNYK:PYTHON-DJANGO-16425745...

CVSS 5.3 | AI score 5.4 | EPSS 0.00358
Exploits: 0

vulnersOsv
added 2026/05/05 5:30 p.m. | 9 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.4.13) +38 more potentially affected by CVE-2026-5766 via django (>=6.0.0 <=6.0.4)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 - django-tasks-aws =0.2.0b1 and more Source cves: CVE-2026-5766 Source advisory: SNYK:PYTHON-DJANGO-16425762...

CVSS 6.3 | AI score 5.4 | EPSS 0.00423
Exploits: 0

NVD
added 2026/05/05 4:16 p.m. | 28 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

CVSS 8.6 | EPSS 0.00516
Exploits: 0 | References: 2

Snyk
added 2026/05/05 3:33 p.m. | 7 views

Malicious Package

Overview google-storage-cloud is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

GithubExploit
added 2026/05/05 2:42 p.m. | 75 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

No d...

CVSS 9.8 | AI score 7.3 | EPSS 0.99939
Exploits: 36

The Hacker News
added 2026/05/05 2:19 p.m. | 11 views

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat APT group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302 ,...

AI score 6
Exploits: 0

Vulnrichment
added 2026/05/05 2:15 p.m. | 6 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

CVSS 8.6 | AI score 6.1 | EPSS 0.00516
Exploits: 0 | References: 2