Lucene search
K

908607 matches found

Cvelist
Cvelist
added 9 minutes ago1 views

CVE-2026-59149 Mockoon: Path traversal in templated `filePath` lets a request escape the served directory (prefix-only base check)

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWithstaticBaseDir. That prefix test has no path-separator boundary, so a...

6.5CVSS
Exploits0References5
NVD
NVD
added 21 minutes ago1 views

CVE-2026-59720

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS
Exploits0References4
NVD
NVD
added 21 minutes ago2 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS
Exploits0References5
The Hacker News
The Hacker News
added 30 minutes ago1 views

New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from. Each is a different way to break a machine: wipe the whole disk,...

6AI score
Exploits0
RedHat Linux
RedHat Linux
added 54 minutes ago0 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS0.00324EPSS
Exploits0References12
CVE
CVE
added 57 minutes ago4 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS5.8AI score
Exploits0References5
Cvelist
Cvelist
added 57 minutes ago3 views

CVE-2026-59817 Ghost: Paid gift memberships obtainable at minimal cost via the donations feature

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS
Exploits0References5
CVE
CVE
added 1 hour ago3 views

CVE-2026-59720

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS5.9AI score
Exploits0References4
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-59720 Hoppscotch: Insecure Default Configuration Allows Public Exposure of Private Collection Data via Mock Server

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS
Exploits0References4
NVD
NVD
added 1 hour ago3 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS
Exploits0References3
NVD
NVD
added 1 hour ago3 views

CVE-2026-51599

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

Exploits0References1
NVD
NVD
added 1 hour ago3 views

CVE-2026-15308

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

10CVSS
Exploits0References7
NVD
NVD
added 1 hour ago2 views

CVE-2026-13462

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

Exploits0References2
NVD
NVD
added 1 hour ago5 views

CVE-2026-13461

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...

Exploits0References2
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-15308

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

10CVSS5.9AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 1 hour ago2 views

CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

10CVSS5.9AI score
Exploits0References7
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42638

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

10CVSS5.9AI score
Exploits0References3
CVE
CVE
added 1 hour ago5 views

CVE-2026-15308

CVE-2026-15308 affects the incremental HTML parser in Python’s html.parser.HTMLParser. The issue allows a CPU denial-of-service by processing uncontrolled data with repeated unterminated markup declarations, as described in public CVE entries. The CVSS 4.0 vector assigns a base score of 10.0 (CRI...

10CVSS5.9AI score
Exploits0References7
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

10CVSS
Exploits0References7
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-13462 PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

Exploits0References2
Rows per page
Query Builder