Lucene search

1086351 matches found

OSV
added 2026/06/18 1:52 p.m. | 4 views

GHSA-XQXV-4JC2-X56X ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

CVSS 7.4 | AI score 6
Exploits 0 | References 5
OSV
added 2026/06/18 1:28 p.m. | 4 views

MINI-C6P5-QW5R-FM4X

Bulletin has no description...

CVSS 9.8 | AI score 6.2 | EPSS 0.03571
Exploits 1
Snyk
added 2026/06/18 1:15 p.m. | 4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the MagicYUV decoder process in the libavcodec library. An attacker can cause a denial of service or potentially execute arbitrary code by submitting a specially crafted file that triggers an odd sliceheight valu...

CVSS 8.8 | AI score 6.2 | EPSS 0.00477
Exploits 3 | References 2
Patchstack
added 2026/06/18 1:5 p.m. | 6 views

NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename

NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename vulnerability discovered by ? in WordPress Npm piscina versions = 4.9.2...

CVSS 8.1 | AI score 5.8 | EPSS 0.00296
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/06/18 1:5 p.m. | 3 views

GHSA-X9G3-XRWR-CWFG piscina: Prototype Pollution Gadget → RCE via inherited options.filename

Summary: piscina's constructor and run paths read the filename option via plain member access (dist/index.js line 92, constructor): const filename = options.filename ? (0, common_1.maybeFileURLToPath)(options.filename) : null; this.options = { ...kDefaultOptions, ...options, filename, maxQueue: 0 }; //...

CVSS 8.1 | AI score 5.5 | EPSS 0.00296
Exploits 0 | References 2
Github Security Blog
added 2026/06/18 1:5 p.m. | 7 views

piscina: Prototype Pollution Gadget → RCE via inherited options.filename

Summary: piscina's constructor and run paths read the filename option via plain member access (dist/index.js line 92, constructor): const filename = options.filename ? (0, common_1.maybeFileURLToPath)(options.filename) : null; this.options = { ...kDefaultOptions, ...options, filename, maxQueue: 0 }; //...

CVSS 8.1 | AI score 5.4 | EPSS 0.00296
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/06/18 1:0 p.m. | 3 views

MINI-CP37-789X-W8FV

Bulletin has no description...

CVSS 9.1 | AI score 5 | EPSS 0.01557
Exploits 1
OSV
added 2026/06/18 12:59 p.m. | 6 views

MINI-RPX9-5MFC-WJ6X

Bulletin has no description...

CVSS 9.1 | AI score 4.9 | EPSS 0.005
Exploits 0
OSV
added 2026/06/18 12:58 p.m. | 4 views

MINI-8CV3-VQRM-38WR

Bulletin has no description...

CVSS 9.1 | AI score 4.9 | EPSS 0.00338
Exploits 0
OSV
added 2026/06/18 12:58 p.m. | 4 views

MINI-69FX-XVJW-73R4

Bulletin has no description...

CVSS 9.6 | AI score 4.9 | EPSS 0.00478
Exploits 0
CVE
added 2026/06/18 12:56 p.m. | 14 views

CVE-2026-54223

UBB.threads is vulnerable to path traversal that allows an attacker with template-edit privileges to read/write arbitrary files on the server, resulting in Remote Code Execution. The vulnerability is confirmed in version 7.7.5 and may affect other versions; no remediation details are provided in ...

CVSS 8.6 | AI score 5.5 | EPSS 0.00628
Exploits 0 | References 2
ATTACKERKB
added 2026/06/18 12:56 p.m. | 7 views

CVE-2026-54223

UBB.threads is vulnerable to path traversal, allowing attackers with the privilege to edit templates to read and write any file on the application's server that the application has privileges to, which results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability...

CVSS 8.6 | AI score 5.5 | EPSS 0.00628
Exploits 0 | References 3
EUVD
added 2026/06/18 12:56 p.m. | 7 views

EUVD-2026-37886

UBB.threads is vulnerable to path traversal, allowing attackers with the privilege to edit templates to read and write any file on the application's server that the application has privileges to, which results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability...

CVSS 8.6 | AI score 5.5 | EPSS 0.00628
Exploits 0 | References 2
RedhatCVE
added 2026/06/18 12:16 p.m. | 7 views

CVE-2026-40033

A flaw was found in FreeRDP. If a user connects to a malicious Remote Desktop (RDP) server, a security flaw in FreeRDP could cause the application to crash or allow the server to run unauthorized code on the user's system. Mitigation: To mitigate this issue, users should avoid connecting to untrusted...

CVSS 8.8 | AI score 5.4 | EPSS 0.00808
Exploits 1 | References 6
OSV
added 2026/06/18 12:6 p.m. | 3 views

MINI-G269-JFJP-8CM9

Bulletin has no description...

CVSS 9.1 | AI score 4.9 | EPSS 0.00373
Exploits 0
OSV
added 2026/06/18 12:5 p.m. | 3 views

MINI-4G82-6R3R-HRM6

Bulletin has no description...

CVSS 9.1 | AI score 4.9 | EPSS 0.00457
Exploits 0
OSV
added 2026/06/18 12:2 p.m. | 3 views

MINI-JC89-WP4R-6Q45

Bulletin has no description...

CVSS 10 | AI score 5 | EPSS 0.6332
Exploits 1
OSV
added 2026/06/18 11:51 a.m. | 3 views

MINI-W92W-459R-MMV6

Bulletin has no description...

CVSS 9.1 | AI score 4.9 | EPSS 0.01557
Exploits 1
OSV
added 2026/06/18 11:38 a.m. | 4 views

MINI-PWH4-Q2GH-8QGC

Bulletin has no description...

CVSS 9.8 | AI score 4.9 | EPSS 0.00701
Exploits 0
OSV
added 2026/06/18 11:29 a.m. | 3 views

MINI-WCC9-J593-JHW6

Bulletin has no description...

CVSS 9.8 | AI score 5 | EPSS 0.00701
Exploits 0