Lucene search
+L

1926 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/19 5:22 a.m.3 views

CVE-2026-27542

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/17 12:46 p.m.5 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access to user sessions by capturing valid session tokens through co-hosted applications operating under t...

9.3CVSS5.8AI score0.00677EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/17 10:15 a.m.33 views

CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

0.00677EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 10:15 a.m.2 views

CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

5.8AI score0.00677EPSS
Exploits0References2
CVE
CVE
added 2026/03/17 10:15 a.m.21 views

CVE-2026-28779

Apache Airflow 3.1.0–3.1.7 exposes a session-token cookie path (/), ignoring configured webserver/api base_url. This enables co-hosted applications on the same domain to capture tokens and take over sessions without exploiting Airflow itself. Public descriptions consistently recommend upgrading t...

7.5CVSS5.8AI score0.00677EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/17 10:15 a.m.6 views

CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

7.5CVSS7AI score0.00677EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.5 views

PT-2026-25887

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver base url or api base url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

7.5CVSS5.7AI score0.00677EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.6 views

RHEL 8 : grafana-pcp (RHSA-2026:3815)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3815 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

7.5CVSS7.2AI score0.01945EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/03/05 6:11 a.m.10 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7.5CVSS6.7AI score0.01945EPSS
Exploits2References3
OSV
OSV
added 2026/02/26 8:43 p.m.5 views

RLSA-2026:3187 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url...

7.5CVSS5.6AI score0.01945EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.5 views

RHEL 8 : grafana-pcp (RHSA-2026:3187)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3187 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

10CVSS5.8AI score0.01945EPSS
Exploits1References6
OSV
OSV
added 2026/02/24 12:0 a.m.8 views

ALSA-2026:3187 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url...

10CVSS5.6AI score0.01945EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/02/23 2:14 a.m.16 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

10CVSS6.7AI score0.01945EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/02/23 12:0 a.m.6 views

RHEL 10 : grafana-pcp (RHSA-2026:3035)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3035 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

10CVSS5.8AI score0.01945EPSS
Exploits3References8
OSV
OSV
added 2026/02/23 12:0 a.m.7 views

ALSA-2026:3035 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

10CVSS5.9AI score0.01945EPSS
Exploits3References8
AlmaLinux
AlmaLinux
added 2026/02/23 12:0 a.m.8 views

Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

10CVSS5.8AI score0.01945EPSS
Exploits3References8
OSV
OSV
added 2026/02/23 12:0 a.m.8 views

ALSA-2026:3040 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

10CVSS7.2AI score0.01945EPSS
Exploits3References8
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2026-27540

Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1...

9CVSS5.8AI score0.0047EPSS
In wildExploits2References4
vulnersOsv
vulnersOsv
added 2026/02/19 5:24 p.m.5 views

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), agixt (>=1.1.76b0 <=1.3.71) +9 more potentially affected by CVE-2026-26030 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)

semantic-kernel PYPI version =0.2.9.dev0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.9 Source cves: CVE-2026-26030 Source advisory: OSV:PYSEC-2026-163...

9.9CVSS5.4AI score0.02914EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/02/06 6:37 p.m.4 views

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), agixt (>=1.1.76b0 <=1.3.71) +9 more potentially affected by CVE-2026-25592 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)

semantic-kernel PYPI version =0.2.9.dev0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.9 Source cves: CVE-2026-25592 Source advisory: OSV:GHSA-2WW3-72RP-WPP4...

9.9CVSS5.4AI score0.0195EPSS
Exploits0
Rows per page
Query Builder