Lucene search
+L

37 matches found

Cvelist
Cvelist
added 2026/07/10 5:17 p.m.32 views

CVE-2026-55671 ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...

2.3CVSS0.00252EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 5:17 p.m.5 views

CVE-2026-55671 ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...

2.3CVSS6.1AI score0.00252EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 9:52 a.m.24 views

CVE-2026-44937

Summary: An unauthenticated webhook vulnerability in SUSE Rancher Fleet (versions prior to 0.15.2, 0.14 prior to 0.14.6, 0.13 prior to 0.13.11, 0.12 prior to 0.12.15) allows forging webhook requests via regex-based injection from unsanitized repository URL components, potentially enabling DoS or ...

8.3CVSS6AI score0.00506EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/07/01 8:44 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via unsanitized repository URL components in the webhook endpoint when no secret is configured. An attacker can trigger continuous repository re-cloning, increasing network traffic and...

8.3CVSS6AI score0.00506EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:1 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:1 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 1:1 p.m.9 views

GHSA-29JH-8CFQ-RR8X ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components

Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...

2.3CVSS6.2AI score0.00252EPSS
Exploits0References4
NVD
NVD
added 2026/04/07 5:16 p.m.8 views

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8CVSS0.00129EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/04/07 4:34 p.m.3 views

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8CVSS6.5AI score0.00129EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 4:34 p.m.24 views

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8CVSS0.00129EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 4:34 p.m.2 views

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8CVSS6.7AI score0.00129EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30900

Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description A flaw exists in libssh that allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information. This poses a risk to the...

7.8CVSS6.2AI score0.00129EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 10.11.10 and earlier, including 10.11.x, have a security vulnerability. This vulnerability stems from improper validation of permission requirements at the team member role API...

3.8CVSS5.8AI score0.00159EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/10 7:15 p.m.6 views

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8CVSS5AI score0.00129EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

AMD Processors 安全漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, which stem from improper lockpick protection measures. These vulnerabilities may lead to firmware downgrades and loss of integrity. The following produc...

6.7CVSS5.8AI score0.00136EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/02 6:30 p.m.5 views

EUVD-2025-200286

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-32272

Malicious code in bioql PyPI...

7.7CVSS7.6AI score0.00312EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-9269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to...

9.8CVSS7.8AI score0.0229EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-5120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for...

6.5CVSS6.8AI score0.01127EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:9 p.m.12 views

CVE-2020-11209

Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439...

5.5CVSS7AI score0.01568EPSS
Exploits1References1
Rows per page
Query Builder