57 matches found

CNNVD
added 2026/06/10 12:00 a.m., 14 views

Splunk Enterprise input validation error vulnerability

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7 CVSS, 5.9 AI score, 0.00247 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/06/10 12:00 a.m., 10 views

Splunk Enterprise server-side request forgery vulnerability

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There are code vulnerabilities in...

7.6 CVSS, 6 AI score, 0.00255 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:18 p.m., 15 views

CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4 CVSS, 5.5 AI score, 0.00246 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/25 12:00 a.m., 10 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 3.1.1 through 4.0.1, which stems from a failure to perform cross-domain checks in the HTTP/3 redirect handler, potentially leading to the disclosure of sensitive data...

6.1 CVSS, 5.8 AI score, 0.00348 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2026/05/18 12:00 a.m., 8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021488 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for...

7.2 CVSS, 5.8 AI score, 0.00237 EPSS
Exploits: 0, References: 4
NVD
added 2026/04/24 6:16 p.m., 4 views

CVE-2026-41321

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

2.2 CVSS, 0.00199 EPSS
Exploits: 0, References: 1
NVD
added 2026/04/23 7:17 p.m., 5 views

CVE-2026-41259

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...

8.2 CVSS, 0.00213 EPSS
Exploits: 0, References: 1
Snyk
added 2026/04/21 7:11 p.m., 6 views

Incorrect Authorization

Overview: github.com/oauth2-proxy/oauth2-proxy is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Incorrect Authorization in the email domain validation. An attacker can gain unauthorized access by submitting ...

7.6 CVSS, 5.5 AI score, 0.00209 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/04/21 4:32 p.m., 3 views

CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8 CVSS, 5.7 AI score, 0.00209 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/04/21 12:00 a.m., 9 views

OAuth2 Proxy security vulnerability

OAuth2 Proxy is a product offered by OAuth2 Proxy organizations that can provide a reverse proxy for authentication with Google, Github, or other providers. Versions of OAuth2 Proxy prior to 7.15.2 had security vulnerabilities. These vulnerabilities stemmed from the emaildomain enforcement option...

6.8 CVSS, 5.8 AI score, 0.00209 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/15 12:00 a.m., 5 views

PT-2026-33223

Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions prior to 7.15.2. Description: An authorization bypass exists within the email domain enforcement option. An attacker can authenticate using a malformed email claim, such as [email protected]@company.com, to satisfy an allow...

6.8 CVSS, 5.8 AI score, 0.00209 EPSS
Exploits: 0, References: 7
Positive Technologies
added 2026/02/25 12:00 a.m., 9 views

PT-2026-22062

Name of the Vulnerable Software and Affected Versions: Astro versions 9.0.0 through 9.5.3. Description: Astro's image pipeline contains a flaw that allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. The inferSize...

6.5 CVSS, 5.6 AI score, 0.00281 EPSS
Exploits: 1, References: 5
CNNVD
added 2026/02/03 12:00 a.m., 9 views

Claude Code input validation error vulnerability

Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 1.0.111 contained a vulnerability related to input validation errors. This vulnerability stemmed from the insufficient URL validation in the trusted domain verification mechanism of WebFetch...

7.4 CVSS, 5.8 AI score, 0.00338 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/11/13 12:00 a.m., 7 views

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Improper Input Validation (CVE-2023-46218)

This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mix...

6.5 CVSS, 6.2 AI score, 0.01685 EPSS
Exploits: 1, References: 7
AstraLinux
added 2025/11/01 10:54 a.m., 4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Firefox may have incorrectly parsed a URL and reverted it to the youtube.com domain during parsing of the URL specified in an embed tag. This could have bypassed website security checks that restrict which domains users are allowed to embed. This vulnerability was fixed in Firefox 140, Firefox ES...

6.5 CVSS, 6.6 AI score, 0.00285 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/10/07 12:00 a.m., 3 views

Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987436)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987436 advisory. Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed websi...

6.5 CVSS, 7.1 AI score, 0.00285 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-12102

Malicious code in bioql PyPI...

7.5 CVSS, 6.8 AI score, 0.00745 EPSS
Exploits: 0, References: 7
Cvelist
added 2025/09/30 12:00 a.m., 7 views

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

0.00309 EPSS
Exploits: 1, References: 4
Github Security Blog
added 2025/09/04 7:24 p.m., 9 views

Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter

Summary: When using Astro's Cloudflare adapter @astrojs/cloudflare configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served...

7.2 CVSS, 6 AI score, 0.00773 EPSS
Exploits: 1, References: 4, Affected Software: 1
IBM Security Bulletins
added 2025/09/01 2:52 p.m., 6 views

Security Bulletin: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, which affects IBM watsonx.data

Summary: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-27820. DESCRIPTION: A bug in PSL validation...

7.5 CVSS, 6.7 AI score, 0.00745 EPSS
Exploits: 0, Affected Software: 1