Lucene search
K

74168 matches found

NVD
NVD
added 10 minutes ago1 views

CVE-2026-38979

ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI startresponse without adding...

Exploits0References2
Github Security Blog
Github Security Blog
added 1 hour ago7 views

Dragonfly scheduler v1 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.3AI score
Exploits0References9Affected Software1
NVD
NVD
added 2 hours ago2 views

CVE-2026-50134

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS0.00024EPSS
Exploits0References3
NVD
NVD
added 2 hours ago2 views

CVE-2026-41514

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-50134 Hugo: security.http.urls allow-list bypass via HTTP redirects

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS0.00024EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-50134

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS5.9AI score0.00024EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2 hours ago12 views

CVE-2026-50134

CVE-2026-50134 (Hugo) affects Hugo versions 0.91.0 through 0.161.1, where resources.GetRemote did not re-validate intermediate URLs on HTTP 3xx redirects despite enforcing security.http.urls on the initial URL. This allowed a redirect to an allowed host (or an attacker-controlled DNS/response) th...

6.3CVSS5.9AI score0.00024EPSS
Exploits0References3
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-41916

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS5.9AI score0.00024EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 3 hours ago2 views

CVE-2026-9547

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS5.8AI score0.00187EPSS
Exploits0References6
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-41514 OP-TEE: RSA-OAEP padding oracle in Hisilicon HPRE driver enables plaintext recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-41514

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS6AI score
Exploits0References2Affected Software1
CVE
CVE
added 3 hours ago4 views

CVE-2026-41514

OP-TEE affects Cortex-A TrustZone, with RSA-OAEP decryption in the Hisilicon HPRE driver vulnerable from v4.5.0 up to v4.11.0 due to non-constant-time memcmp() in label hash verification and multiple distinct error paths. This creates a padding oracle allowing plaintext recovery on ~1,000–2,000 a...

2.5CVSS6AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41917

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS6AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 6 hours ago2 views

Security Bulletin: Due to the use of OpenSSL, IBM EntireX is vulnerable to multiple vulnerabilities

Summary Due to the use of OpenSSL, IBM EntireX is vulnerable to multiple vulnerabilities CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-45445,...

9.1CVSS6.9AI score0.02719EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 8 hours ago2 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding :...

9.1CVSS6.9AI score0.18891EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 8 hours ago2 views

Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities

Summary This release addresses multiple security vulnerabilities across various components of IBM Engineering Requirements Management DOORS and DOORS Web Access product. Many vulnerabilities are rated Critical CVSS ≥ 9.0,including Tomcat CLIENTCERT Improper Authentication CVE-2026-29145,...

9.8CVSS7.3AI score0.66537EPSS
Exploits9Affected Software2
The Hacker News
The Hacker News
added 9 hours ago6 views

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identit...

6.4AI score
Exploits0
GithubExploit
GithubExploit
added 9 hours ago26 views

Exploit for Path Traversal in Adobe Coldfusion

CVE-2026-48282-POC CVE-2026-48282 is a path traversal...

10CVSS6.4AI score0.01021EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 9 hours ago2 views

Security Bulletin: Eclipse IDE versions 2023-09 (4.29) is vulnerable to external attack

Summary A vulnerability in Eclipse IDE version 2023-09 4.29 was found. The IBM Enterprise Records configuration manager tool was using Eclipse IDE to help present the user interface for customers to configure their software. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE...

5CVSS5.9AI score0.00386EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 9 hours ago23 views

Exploit for Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Camel

camel-coap Header Injection → RCE Vulnerability Reproducer CV...

10CVSS6.3AI score0.06157EPSS
Exploits2
Rows per page
Query Builder