31648 matches found
CVE-2026-15076
In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...
CVE-2026-15076
In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...
CVE-2026-15076
Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...
EUVD-2026-43637
In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...
EUVD-2026-43555
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...
CVE-2026-62240
CVE-2026-62240 overview : CrewAI before 1.15.1 is affected by a server-side request forgery in the validate_url function, which performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. An attacker can bypass the security filter by providing URLs that redi...
Security Bulletin: Vulnerability in follow-redirects bundled with IBM Fusion and IBM Fusion HCI
Summary IBM Fusion and IBM Fusion HCI include the follow-redirects library, which is affected by an information exposure vulnerability. CVE-2026-40895 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules...
CVE-2026-12275
creationtimestamp| type| source ---|---|--- 2026-07-13 07:43:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6z3gyqz22 2026-07-14 00:00:15+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqkvm5egav2z 2026-07-14 03:16:08+00:00| seen|...
CVE-2026-15527
creationtimestamp| type| source ---|---|--- 2026-07-13 07:17:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqj5ltowjg26 2026-07-13 08:15:14+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-15527...
CVE-2026-56336
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...
CVE-2026-56336 Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...
EUVD-2026-43232
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...
CVE-2026-56336
Capgo before 12.128.2 contains an information-disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains to map domains to organization UUIDs and SSO provider identifiers, enabling r...
CVE-2026-15485 TRENDnet TEW-821DAP DNS Lookup tools_nslookup sub_43F2C4 os command injection
A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub43F2C4 of the file /goform/toolsnslookup of the component DNS Lookup Handler. This manipulation of the argument nslookuptarget/dnsserver causes os command injection. The attack can be initiated remotely...
EUVD-2026-43207
A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub43F2C4 of the file /goform/toolsnslookup of the component DNS Lookup Handler. This manipulation of the argument nslookuptarget/dnsserver causes os command injection. The attack can be initiated remotely...
CVE-2026-15479
creationtimestamp| type| source ---|---|--- 2026-07-12 06:51:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqglnsnr7y2f 2026-07-12 07:54:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqgp5rf2tg2q...
EUVD-2026-43178
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...
CVE-2026-3367
The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The registersetting call on line 197 lacks a sanitiz...
CVE-2026-49394
creationtimestamp| type| source ---|---|--- 2026-07-11 02:54:46+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdnxgp6ki2c...
CVE-2026-3367
The CVE-2026-3367 entry concerns the WordPress plugin Lockme Calendars Integration (