Lucene search
+L

1553 matches found

osv
osv
added 2026/06/20 6:56 a.m.2 views

SUSE-SU-2026:22197-1 Security update for tomcat10

This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
euvd
euvd
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37199

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...

8.6CVSS5.4AI score0.00232EPSS
Exploits0References2
nvd
nvd
added 2026/06/16 8:16 p.m.16 views

CVE-2026-22312

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...

8.6CVSS0.00232EPSS
Exploits0References1
cve
cve
added 2026/06/16 6:19 p.m.18 views

CVE-2026-22312

CVE-2026-22312 affects Radiflow iSAP Smart Collector. The device exposes a webserver REST API authenticated with a constant token, enabling an unauthenticated client to access system settings, modify configuration, and execute commands (e.g., system reboot). CVSS 3.1 indicates NETWORK attack vect...

8.6CVSS5.5AI score0.00232EPSS
Exploits0References1
nvd
nvd
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49106

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...

9.8CVSS0.00383EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:19 p.m.19 views

CVE-2026-49106

The CVE-2026-49106 entry concerns the WordPress plugin “Integration for Contact Form 7 and Constant Contact” (versions ≤ 1.1.6). The vulnerability is an unauthenticated PHP Object Injection in that integration, enabling an attacker to potentially manipulate PHP objects without authentication. The...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 8:19 p.m.31 views

CVE-2026-49106 WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...

9.8CVSS0.00383EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 8:19 p.m.10 views

EUVD-2026-36883

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
osv
osv
added 2026/06/15 5:32 p.m.7 views

GHSA-RRJ9-5Q2J-4GVR Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References6
github
github
added 2026/06/15 5:32 p.m.8 views

Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References6Affected Software2
osv
osv
added 2026/06/15 1:52 p.m.2 views

OPENSUSE-SU-2026:20986-1 Security update for perl-Crypt-SaltedHash

This update for perl-Crypt-SaltedHash fixes the following issues: Changes in perl-Crypt-SaltedHash: updated to 0.110.0 0.11 0.11 2026-05-20 14:05:07+01:00 Europe/London - Fixed metadata - Moved author tests into xt 0.10 2026-05-19 - Maintenance taken over by Robert Rothenberg - Updated the Git...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.12 views

PT-2026-49508

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:31 p.m.11 views

CVE-2026-6839

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

6.6CVSS5.4AI score0.00102EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/04 12:38 p.m.12 views

WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Contact Form 7 and Constant Contact versions = 1.1.6...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
attackerkb
attackerkb
added 2026/06/01 7:26 p.m.11 views

CVE-2026-5419

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00379EPSS
Exploits0References12
github
github
added 2026/05/28 5:33 p.m.20 views

Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Description The Mailtrap mailer bridge ships a webhook request parser used to authenticate and decode the event callbacks Mailtrap POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

6.9CVSS5.8AI score0.00238EPSS
Exploits0References6Affected Software2
github
github
added 2026/05/28 5:22 p.m.13 views

Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection

Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge both ship webhook request parsers used to authenticate and decode the event callbacks each provider POSTs to an application's webhook endpoint. Their doParseRequest $request, \SensitiveParameter string $secret methods receive...

6.9CVSS5.7AI score0.00348EPSS
Exploits0References7Affected Software3
osv
osv
added 2026/05/28 2:2 p.m.12 views

CLSA-2026-1779968889 Fix of 7 CVEs

SECURITY UPDATE: Authentication Bypass in digest authentication - debian/patches/CVE-2026-43512.patch: reject digest authentication attempts for unknown users in getDigest - CVE-2026-43512 SECURITY UPDATE: Account lockout bypass in LockOutRealm via case variation of user names -...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References1
osv
osv
added 2026/05/28 10:16 a.m.5 views

UBUNTU-CVE-2026-46123

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

7.7CVSS5.9AI score0.00142EPSS
Exploits0References8
susecve
susecve
added 2026/05/28 3:55 a.m.15 views

SUSE CVE-2026-45933

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...

5.8AI score0.00172EPSS
Exploits0References3
Rows per page
Query Builder