Lucene search
K

31648 matches found

Cvelist
Cvelist
added 9 hours ago8 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 9 hours ago4 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-43637

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added 9 hours ago10 views

CVE-2026-15076

Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...

8.2CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 17 hours ago5 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score
Exploits0References6
CVE
CVE
added yesterday6 views

CVE-2026-62240

CVE-2026-62240 overview : CrewAI before 1.15.1 is affected by a server-side request forgery in the validate_url function, which performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. An attacker can bypass the security filter by providing URLs that redi...

8.3CVSS6.1AI score
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added yesterday6 views

Security Bulletin: Vulnerability in follow-redirects bundled with IBM Fusion and IBM Fusion HCI

Summary IBM Fusion and IBM Fusion HCI include the follow-redirects library, which is affected by an information exposure vulnerability. CVE-2026-40895 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules...

7.5CVSS7AI score0.00486EPSS
Exploits0Affected Software2
Circl
Circl
added yesterday5 views

CVE-2026-12275

creationtimestamp| type| source ---|---|--- 2026-07-13 07:43:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6z3gyqz22 2026-07-14 00:00:15+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqkvm5egav2z 2026-07-14 03:16:08+00:00| seen|...

7.1CVSS6.1AI score0.00132EPSS
Exploits0References3
Circl
Circl
added yesterday5 views

CVE-2026-15527

creationtimestamp| type| source ---|---|--- 2026-07-13 07:17:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqj5ltowjg26 2026-07-13 08:15:14+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-15527...

5.3CVSS6.2AI score0.0014EPSS
Exploits0References2
NVD
NVD
added 2 days ago9 views

CVE-2026-56336

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS0.00205EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-56336 Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS6.1AI score0.00205EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43232

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS6.1AI score0.00205EPSS
Exploits0References2
CVE
CVE
added 2 days ago17 views

CVE-2026-56336

Capgo before 12.128.2 contains an information-disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains to map domains to organization UUIDs and SSO provider identifiers, enabling r...

6.9CVSS6.1AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-15485 TRENDnet TEW-821DAP DNS Lookup tools_nslookup sub_43F2C4 os command injection

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub43F2C4 of the file /goform/toolsnslookup of the component DNS Lookup Handler. This manipulation of the argument nslookuptarget/dnsserver causes os command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43207

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub43F2C4 of the file /goform/toolsnslookup of the component DNS Lookup Handler. This manipulation of the argument nslookuptarget/dnsserver causes os command injection. The attack can be initiated remotely...

6.5CVSS6.5AI score0.0105EPSS
Exploits0References5
Circl
Circl
added 2 days ago9 views

CVE-2026-15479

creationtimestamp| type| source ---|---|--- 2026-07-12 06:51:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqglnsnr7y2f 2026-07-12 07:54:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqgp5rf2tg2q...

7.5CVSS7AI score0.00278EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43178

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS6.1AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-3367

The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The registersetting call on line 197 lacks a sanitiz...

4.4CVSS0.00256EPSS
Exploits0References14
Circl
Circl
added 3 days ago7 views

CVE-2026-49394

creationtimestamp| type| source ---|---|--- 2026-07-11 02:54:46+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdnxgp6ki2c...

7.1CVSS6.1AI score0.00307EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-3367

The CVE-2026-3367 entry concerns the WordPress plugin Lockme Cal­endars Integration (

4.4CVSS6.2AI score0.00256EPSS
Exploits0References14
Rows per page
Query Builder