Lucene search
K

54248 matches found

Snyk
Snyk
added 2026/07/02 10:17 p.m.6 views

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...

7.5CVSS6AI score0.00289EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 9:16 p.m.5 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 9:16 p.m.3 views

DEBIAN-CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS5.9AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 9:16 p.m.6 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 8:10 p.m.33 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:10 p.m.7 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 8:10 p.m.13 views

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:10 p.m.6 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 8:4 p.m.38 views

CVE-2026-58467 Cockpit CMS 2.14.0 - Path Traversal Local File Inclusion via index.php

Cockpit CMS through 2.14.0 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATHINFO derived from REQUESTURI in filesystem path construction without containment checks...

8.2CVSS0.0042EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 7:9 p.m.3 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 7:1 p.m.5 views

WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Post Content Disclosure vulnerability discovered by nightward in WordPress Plugin Ad Inserter versions = 2.8.16...

4.3CVSS5.9AI score0.00273EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.6 views

CVE-2026-48743

A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...

7.5CVSS5.6AI score0.00298EPSS
Exploits1References4
CVE
CVE
added 2026/07/02 4:15 p.m.23 views

CVE-2026-50282

Craft CMS contains an authorization issue in AssetsController::actionMoveFolder where calling with force=true to move a folder into a destination with a conflicting name can overwrite and delete the destination folder without destination delete permission. Affected versions are 5.0.0-RC1 and abov...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 4:2 p.m.7 views

EUVD-2026-41409

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-57763

Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.3 views

CVE-2025-69134

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.33 views

CVE-2026-57763 WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.11 views

CVE-2026-57763

Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:16 a.m.17 views

CVE-2026-57763

CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.

6.5CVSS5.8AI score0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:14 a.m.6 views

CVE-2025-69134

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS5.8AI score0.003EPSS
Exploits0References2
Rows per page
Query Builder