Lucene search
+L

12665 matches found

osv
osv
added 2026/07/01 12:21 p.m.15 views

MAL-2026-6722 Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
nvd
nvd
added 2026/07/01 11:16 a.m.12 views

CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS0.00248EPSS
Exploits0References4
osv
osv
added 2026/07/01 11:16 a.m.4 views

DEBIAN-CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/01 9:24 a.m.8 views

CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References5
cve
cve
added 2026/07/01 9:24 a.m.27 views

CVE-2026-14258

CVE-2026-14258 affects dhcpcd’s IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement with a zero-length ND option bypasses validation during packet storage and is reparsed with inadequate validation, causing the parser to enter a non-advancing loo...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References4
debiancve
debiancve
added 2026/07/01 9:24 a.m.6 views

CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.7AI score0.00248EPSS
Exploits0
osv
osv
added 2026/07/01 9:24 a.m.6 views

CVE-2026-14258 Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References7
circl
circl
added 2026/07/01 2:48 a.m.10 views

CVE-2026-53218

creationtimestamp| type| source ---|---|--- 2026-07-01 02:48:48+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0812 2026-07-03 15:50:35+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqvleegfg2u 2026-07-06 06:51:02+00:00| seen|...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11714

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...

9.8CVSS0.00203EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 7:44 p.m.36 views

CVE-2026-11714 IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...

8.5CVSS0.00203EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 7:44 p.m.7 views

EUVD-2026-40395

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...

8.5CVSS5.8AI score0.00203EPSS
Exploits0References1
cve
cve
added 2026/06/30 7:44 p.m.20 views

CVE-2026-11714

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability in the apiDiscovery-1.0 feature. The issue is identified as CVE-2026-11714; IBM’s bulletin reports CVSS v3.1 base score 8.5 (PR:L, S:C, C:H/I:L/A:N). The ...

9.8CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/06/30 6:38 p.m.8 views

GHSA-F5MR-Q85P-6HH6 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage

Impact Three security vulnerabilities were identified in the OIDC Discovery client: 1. Blind Server-Side Request Forgery SSRF via Cross-Host Redirects: Fulcio uses an HTTP client to fetch OIDC discovery metadata /.well-known/openid-configuration. Prior to this fix, if a configured issuer returned...

8.7CVSS5.5AI score
Exploits0References2
circl
circl
added 2026/06/30 5:52 p.m.11 views

CVE-2026-58171

creationtimestamp| type| source ---|---|--- 2026-06-30 17:52:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpjkzcp3tf2u 2026-07-02 05:55:05+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpndtlgxfx26...

4.2CVSS5.8AI score0.00253EPSS
Exploits0References2
mssecure
mssecure
added 2026/06/30 4:0 p.m.21 views

​​What’s new in Microsoft Security: June 2026

As organizations scale AI and agents across environments, security teams need protection that covers every surface. The Microsoft vision is simple: security should be ambient and autonomous, just like the AI it protects. This month’s updates help security and IT teams strengthen identity and...

6AI score
Exploits0
patchstack
patchstack
added 2026/06/30 11:11 a.m.6 views

WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.11...

6.5CVSS5.8AI score0.00253EPSS
Exploits0Affected Software1
circl
circl
added 2026/06/30 9:59 a.m.8 views

EDB-49596

creationtimestamp| type| source ---|---|--- 2026-06-30 09:59:19+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d427f850-ca73-47b1-a197-076356bb3659...

5.8AI score
Exploits0References1
patchstack
patchstack
added 2026/06/30 9:4 a.m.10 views

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.6 views

PT-2026-54443

Name of the Vulnerable Software and Affected Versions Fulcio versions prior to 1.8.6 Description Three security issues were identified in the OIDC Discovery client. First, a blind Server-Side Request Forgery SSRF occurs because the HTTP client used to fetch OIDC discovery metadata from the...

8.7CVSS5.8AI score
Exploits0References5
attackerkb
attackerkb
added 2026/06/29 10:9 p.m.12 views

CVE-2026-7656

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6nbr.c handlerainput, handlensinput, handlenainput used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target checks...

8.1CVSS6.2AI score0.00205EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder