Lucene search
K

2609 matches found

Nuclei
Nuclei
added 6 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 5 days ago4 views

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS5.9AI score0.00292EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59207 n8n: "Allowed HTTP Request Domains" Restriction Bypass via AI Agents MCP Connector

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS0.00263EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-59207

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42609

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42603

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.3AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5CVSS0.00248EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42552

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-56458

Technical details about CVE-2026-56458 are not publicly available in the provided documents. No affected versions, root cause specifics, exploits, or mitigations are disclosed here. Monitor for updates from vendors or CVE pages.

7.5CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-56458 HCL DevOps Deploy is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References2
The Hacker News
The Hacker News
added 5 days ago13 views

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to...

6.1AI score
Exploits0
CVE
CVE
added 6 days ago14 views

CVE-2026-59883

CVE-2026-59883 – Guzzle: CookieJar domain-matching flaw in the PHP HTTP client allowed cookies scoped to IP-address or bare-numeric domains (e.g., 192.168.0.1, ::1) to be accepted by non-origin hosts due to SetCookie::matchesDomain() applying ordinary suffix matching. Affects versions prior to 7....

6.1CVSS6AI score0.00115EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59883 Guzzle: Cookie Disclosure and Injection via IP-Address Domains

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...

4.7CVSS0.00115EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago3 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7AI score0.00606EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in domains-billing-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4860726efc056e319a24e46ac4e179809cc294267679a9b8122c5205b49369f1 [email protected] executes node index.js from its postinstall lifecycle script. On install, index.js reads os.hostname and...

6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago3 views

CVE-2026-55688

A flaw was found in the AsyncHttpClient AHC library. The ThreadSafeCookieStore component did not properly verify the domain attribute of cookies, allowing a malicious host to set a cookie for an unrelated domain. This cookie would then be sent by the client in subsequent requests to the targeted...

4CVSS5.8AI score0.00179EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56285

Name of the Vulnerable Software and Affected Versions WebPros Plesk versions prior to 18.0.78.4 Description Incorrect authorization in the XML-RPC API allows a low-privileged authenticated customer to look up domains they do not own. This occurs because ownership is enforced only for specific...

9.9CVSS6AI score0.00364EPSS
Exploits0References10
NVD
NVD
added last week8 views

CVE-2026-53878

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

6.1CVSS0.00217EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:55 a.m.3 views

BIT-MASTODON-2026-50128 Mastodon: Spoofing of attribution domains

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

5.3CVSS6AI score0.00129EPSS
Exploits0References3
Rows per page
Query Builder