Lucene search
K

306228 matches found

EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43637

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43634

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...

4.3CVSS6.1AI score
Exploits0References2
CVE
CVE
added 3 hours ago9 views

CVE-2026-15076

Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...

8.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added 3 hours ago8 views

CVE-2026-13699

CVE-2026-13699 affects Eclipse KUKSA Databroker 0.6.1. The gRPC handler kuksa.val.v2.VAL/PublishValue fails to validate the optional data_point in PublishValueRequest; if signal_id is valid but data_point is omitted, the code dereferences request.data_point (unwrap) and panics in the Tokio worker...

4.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added 8 hours ago10 views

CVE-2026-15628

The CVE-2026-15628 affects zhayujie chatgpt-on-wechat CowAgent ≤ 2.1.1, specifically the Vision Tool’s Vision._download_to_data_url function. A manipulation of the image argument enables server-side request forgery, allowing remote initiation of attacks. Exploitation is supported by public disclo...

6.5CVSS6.3AI score
Exploits0References8
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-43597

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 11 hours ago9 views

CVE-2026-44767 Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS
Exploits0References2
EUVD
EUVD
added 11 hours ago6 views

EUVD-2026-43595

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago6 views

EUVD-2026-43591

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-43587

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-43586

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS6.1AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added yesterday15 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday14 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
Circl
Circl
added yesterday4 views

CVE-2026-4253

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:18+00:00| seen| https://t.me/GithubRedTeam/90566 2026-07-14 00:00:34+00:00| seen| https://t.me/GithubRedTeam/90566...

7.2CVSS6.1AI score0.06532EPSS
Exploits2References1
CVE
CVE
added yesterday7 views

CVE-2026-58500

CVE-2026-58500について、MCP Appium のcreateLocatorGeneratorUI が、バージョン1.85.10以前で、攻撃者が制御する要素属性(テキスト、content-desc、resource-id、ロケータ選択子)をHTMLテンプレートリテラルに直接埋め込み、HTML/JavaScript文脈のエスケープを行わないことが根本原因の未エスケープデータXSS を引き起こすコントリビューションです。被害者が対象アプリのUIをレンダリングすると、埋め込まれたスクリプトが実行され、window.parent.postMessageを介して任意のMCPツールの実行...

8.2CVSS6.2AI score
Exploits0References2
The Hacker News
The Hacker News
added yesterday10 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
NVD
NVD
added yesterday5 views

CVE-2026-13221

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

Exploits0References3
RedHat Linux
RedHat Linux
added yesterday3 views

Important: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

8.8CVSS6.1AI score0.02719EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday3 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS6.2AI score0.02719EPSS
Exploits0References4
OSV
OSV
added yesterday3 views

PYSEC-2026-2946 PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Summary The approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely...

5.5CVSS6.3AI score0.00116EPSS
Exploits0References7
Rows per page
Query Builder