Lucene search
K

16096 matches found

EUVD
EUVD
added 2026/06/22 9:4 p.m.6 views

EUVD-2026-38376

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with...

9.1CVSS5.9AI score0.00262EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.25 views

CVE-2026-56348 n8n - Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with...

9.1CVSS0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-52725

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

6.1CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:18 p.m.16 views

CVE-2026-52725

Angular CVE-2026-52725 concerns an issue in the @angular/core dynamic component creation flow. The vulnerability allows bypassing script-execution restrictions by mounting a dynamic component directly onto a [removed] tag or namespaced script element when a user-controlled host/selector is suppli...

6.1CVSS6AI score0.00238EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/22 3:18 p.m.6 views

EUVD-2026-38261

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3CVSS6AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 3:18 p.m.39 views

CVE-2026-52725 Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3CVSS0.00238EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/22 3:18 p.m.5 views

CVE-2026-52725

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

6.1CVSS6AI score0.00238EPSS
Exploits0
OSV
OSV
added 2026/06/22 10:55 a.m.9 views

SUSE-SU-2026:2481-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 8:24 a.m.2 views

SUSE-SU-2026:2476-1 Security update for openvswitch3

This update for openvswitch3 fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 8:23 a.m.4 views

SUSE-SU-2026:2475-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51371

Name of the Vulnerable Software and Affected Versions TP-Link routers affected versions not specified Description Insufficient validation of externally supplied DHCP option data in the DHCP option processing logic allows an adjacent, unauthenticated attacker to execute arbitrary commands with...

8.7CVSS6.2AI score0.00409EPSS
Exploits1References13
Redos
Redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0041

The vulnerability of the ngxhttpdavmodule module in NGINX Plus and NGINX Open Source servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...

8.8CVSS6.2AI score0.21621EPSS
Exploits0
NVD
NVD
added 2026/06/21 6:16 a.m.9 views

CVE-2026-12779

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

8.5CVSS0.00113EPSS
Exploits0References5
CVE
CVE
added 2026/06/21 5:15 a.m.18 views

CVE-2026-12779

CVE-2026-12779 affects AOMEI Dynamic Disk Manager up to version 10.10.1, specifically its Kernel Driver component ddmdrv.sys. The issue arises from improper access controls in a local-processing path within the ddmdrv.sys library. The vulnerability is locally exploitable, with an exploit publicly...

8.5CVSS6.5AI score0.00113EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 5:15 a.m.33 views

CVE-2026-12779 AOMEI Dynamic Disk Manager Kernel Driver ddmdrv.sys access control

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

8.5CVSS0.00113EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 5:15 a.m.3 views

CVE-2026-12779

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

8.5CVSS5.3AI score0.00113EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.30 views

CVE-2026-56294 capacitor-native-biometric - Authentication Bypass via Unvalidated CryptoObject in onAuthenticationSucceeded

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...

4.8CVSS0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38121

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...

4.8CVSS5.9AI score0.00165EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/20 2:28 a.m.10 views

SUSE CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

7.5CVSS5.9AI score0.00431EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Rows per page
Query Builder