Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/06/26 7:26 a.m.45 views

CVE-2026-2053 Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated...

8.3CVSS0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-6799

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The attack can...

6.5CVSS6.3AI score0.01181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:0 p.m.2 views

CVE-2026-6799

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

6.5CVSS5.5AI score0.01181EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2025/01/14 5:57 p.m.14 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS7.3AI score0.02224EPSS
Exploits1
Rows per page
Query Builder