
11476 matches found

CVE
added 5 hours ago | 8 views

CVE-2026-57736

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51...

CVSS 7.4 | AI score 5.8
Exploits: 0 | References: 1
EUVD
added 5 hours ago | 4 views

EUVD-2026-41104

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51...

CVSS 7.4 | AI score 5.8
Exploits: 0 | References: 1
Nuclei
added 19 hours ago | 79 views

CData API Server < 23.4.8844 - Path Traversal

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...

CVSS 9.8 | AI score 7.4 | EPSS 0.08151
Exploits: 1 | References: 5
Nuclei
added 19 hours ago | 33 views

CData Sync < 23.4.8843 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...

CVSS 8.6 | AI score 7.3 | EPSS 0.02909
Exploits: 0 | References: 2
OSV
added 4 days ago | 8 views

MAL-2026-6549 Malicious code in discord-token-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd016cfcb52b59c0141268099b96c1336a15ca1d0afce46f367c7fe376f57de discordtokengenerator/init.py imports tokens.py, which instantiates TokenManager at module load. The constructor calls notin, which concatenates eigh...

AI score 5.9
Exploits: 0 | References: 6
RedhatCVE
added 5 days ago | 8 views

CVE-2026-48930

A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

CVSS 9.8 | AI score 6 | EPSS 0.0038
Exploits: 0 | References: 6
RedhatCVE
added 5 days ago | 7 views

CVE-2026-48615

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

CVSS 7.5 | AI score 6.1 | EPSS 0.00392
Exploits: 0 | References: 4
CVE
added 5 days ago | 18 views

CVE-2026-47778

Envoy CVE-2026-47778 describes a TLS DNS SAN truncation flaw in DefaultCertValidator::verifySubjectAltName. Before 1.35.11, 1.36.7, 1.37.3, and 1.38.1, an embedded NUL in a dNSName SAN can be partially preserved by generalNameAsString but truncated when converted to a C-style string via .c_str(),...

CVSS 4.4 | AI score 5.8 | EPSS 0.00212
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 5 days ago | 3 views

ALPINE-CVE-2026-48930

A flaw in Node.js TLS hostname handling: embedded-nul hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 9.8 | AI score 6.2 | EPSS 0.0038
Exploits: 0 | References: 1
NVD
added 5 days ago | 9 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling: embedded-nul hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 9.8 | EPSS 0.0038
Exploits: 0 | References: 1
EUVD
added 5 days ago | 8 views

EUVD-2026-39614

A flaw in Node.js TLS hostname handling: embedded-nul hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 9.8 | AI score 6.6 | EPSS 0.0038
Exploits: 0 | References: 1
CVE
added 5 days ago | 52 views

CVE-2026-48930

CVE-2026-48930 affects Node.js 22.x, 24.x, and 26.x due to a flaw in TLS hostname handling where embedded-nul hostnames cause silent authority rebinding from c-string truncation in resolver bindings. Affected components are within Node.js TLS hostname resolution/verification paths. The vulnerabil...

CVSS 9.8 | AI score 6.6 | EPSS 0.0038
Exploits: 0 | References: 1 | Affected Software: 1
Debian CVE
added 5 days ago | 6 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling: embedded-nul hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 9.8 | AI score 6.5 | EPSS 0.0038
Exploits: 0
Cvelist
added 5 days ago | 39 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling: embedded-nul hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 5.6 | EPSS 0.0038
Exploits: 0 | References: 1
AlpineLinux
added 5 days ago | 8 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling: embedded-nul hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 9.8 | AI score 6.6 | EPSS 0.0038
Exploits: 0
RedhatCVE
added 6 days ago | 5 views

CVE-2026-53224

A flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. Specifically, improper validation of embedded INIT chunk and address list lengths in SCTP cookies could allow a remote attacker to trigger out-of-bounds reads. This could lead to information disclosur...

CVSS 9.1 | AI score 5.9 | EPSS 0.00547
Exploits: 0 | References: 4
EUVD
added 6 days ago | 4 views

EUVD-2026-39393

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

CVSS 8.3 | AI score 5.8 | EPSS 0.00182
Exploits: 0 | References: 1
OSV
added 6 days ago | 2 views

UBUNTU-CVE-2026-53224

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie. sctp_unpack_cookie() only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

CVSS 9.1 | AI score 5.7 | EPSS 0.00547
Exploits: 0 | References: 6
Cvelist
added 6 days ago | 25 views

CVE-2026-53224 sctp: validate embedded INIT chunk and address list lengths in cookie

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie. sctp_unpack_cookie() only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

CVSS 9.1 | EPSS 0.00547
Exploits: 0 | References: 3
OSV
added 6 days ago | 3 views

BIT-PYTHON-MIN-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.js_output() returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CVSS 6.1 | AI score 5.2 | EPSS 0.00229
Exploits: 1 | References: 7