
17 matches found

NVD
added 2026/05/08 2:16 p.m. · 8 views

CVE-2026-41423

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper...

8.7 CVSS · 0.00256 EPSS
Exploits 0 · References 3
Wiz blog
added 2026/04/14 1:0 p.m. · 10 views

Securing the AI Edge: Wiz and Cloudflare Integrate for End-to-End AI Protection

Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured...

5.8 AI score
Exploits 0
CNVD
added 2026/04/10 12:0 a.m. · 9 views

IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)

IBM DataPower Gateway is a suite of International Business Machines (IBM) security and integration platforms designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and...

6.8 CVSS · 5.8 AI score · 0.00252 EPSS
Exploits 0
Cvelist
added 2025/12/13 8:16 a.m. · 24 views

CVE-2025-36753 SWD Interface Open on Growatt ShineLan-X

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extract secrets or domains from within the device...

8.6 CVSS · 0.00274 EPSS
Exploits 0 · References 1
OSV
added 2025/10/31 12:15 p.m. · 1 views

UBUNTU-CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access to any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

7.5 CVSS · 5.8 AI score · 0.004 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/10/31 12:0 a.m. · 3 views

PT-2025-44620

Name of the Vulnerable Software and Affected Versions: libxl (affected versions not specified) Description: The detach logic in libxl does not remove access permissions to 64-bit memory BARs when passing through PCI devices. This can allow a domain to retain access to these memory BARs even after the...

8.8 CVSS · 6.4 AI score · 0.004 EPSS
Exploits 0 · References 27
Tenable Nessus
added 2025/08/15 12:0 a.m. · 5 views

Ollama <= 0.9.6 Cross-Domain Token Exposure

The version of Ollama installed on the remote host is 0.9.6 or earlier. It is, therefore, affected by a vulnerability. Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.9.6 allows remote attackers to steal authentication tokens and bypass access controls via a malicious...

6.9 CVSS · 7.5 AI score · 0.03837 EPSS
Exploits 2 · References 2
PyPA
added 2025/07/22 7:15 p.m. · 13 views

PYSEC-2025-147

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9 CVSS · 6.5 AI score · 0.03837 EPSS
Exploits 2 · References 4 · Affected Software 1
OSV
added 2025/07/22 7:15 p.m. · 3 views

CVE-2025-51471

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9 CVSS · 7.2 AI score · 0.03837 EPSS
Exploits 2 · References 4
Positive Technologies
added 2025/07/22 12:0 a.m. · 3 views

PT-2025-30449

Name of the Vulnerable Software and Affected Versions: Ollama version 0.6.7 Description: A cross-domain token exposure exists in the server.auth.getAuthorizationToken function. This allows remote attackers to steal authentication tokens and bypass access controls by exploiting a malicious realm val...

6.9 CVSS · 7.9 AI score · 0.03837 EPSS
Exploits 2 · References 18
Pen Test Partners Blog
added 2025/03/04 6:24 a.m. · 10 views

DNSSEC NSEC. The accidental treasure map to your subdomains

TL;DR: DNSSEC secures DNS but may unintentionally expose domain structures via NSEC/NSEC3 records, enabling zone walking to enumerate subdomains. NSEC openly lists domain names, making enumeration easy. NSEC3 hashes names, making enumeration harder, but attackers can still crack weak...

6.9 AI score
Exploits 0
CNNVD
added 2024/05/16 12:0 a.m. · 2 views

Intel Dynamic Tuning Technology Security Vulnerability

Intel Dynamic Tuning Technology is a technology from Intel Corporation that enables smarter and more efficient performance management by dynamically tuning processor and system performance parameters. A security vulnerability exists in Intel Dynamic Tuning Technology, which arises from an issue...

7.9 CVSS · 6.4 AI score · 0.00187 EPSS
Exploits 0 · References 2
CNNVD
added 2023/07/25 12:0 a.m. · 2 views

Apache InLong Security Vulnerability

Apache InLong is a one-stop massive data integration framework from the U.S. Apache Software Foundation. It provides automated, secure, and reliable data transfer capabilities. A security vulnerability exists in Apache InLong versions 1.4.0 through 1.7.0, which stems from a...

6.5 CVSS · 6.4 AI score · 0.00933 EPSS
Exploits 0 · References 3
OSV
added 2022/11/01 1:52 p.m. · 5 views

USN-5709-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2022-42927, CVE-2022-42928,...

8.8 CVSS · 6.9 AI score · 0.0083 EPSS
Exploits 0 · References 7
CNNVD
added 2022/10/10 12:0 a.m. · 10 views

Fortinet FortiManager and FortiAnalyzer Security Vulnerability

Fortinet FortiManager and Fortinet FortiAnalyzer are both Fortinet products. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. The product is mainly used to collect network log data and analyze, report and archive...

5.3 CVSS · 6.4 AI score · 0.00728 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/01/03 12:0 a.m. · 7 views

PT-2022-9168 · Manageengine · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus versions prior to build 6116 Description: The issue allows a user from one domain to obtain the password policy for another domain by authenticating to the service and sending a request specifying the password...

4.3 CVSS · 4.6 AI score · 0.01116 EPSS
Exploits 1 · References 4
CNNVD
added 2022/01/03 12:0 a.m. · 5 views

ZOHO ManageEngine ADSelfService Plus Information Disclosure Vulnerability

A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability is caused by ManageEngine ADSelfService Plus under build 6116 storing the password...

4.3 CVSS · 5.6 AI score · 0.01116 EPSS
Exploits 1 · References 3