Lucene search
K

7834 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS6AI score0.00271EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-41895

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS6AI score0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago11 views

CVE-2026-13753 CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

6AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 4 days ago34 views

CVE-2026-13753

HP Deskjet 2800 Series printers (firmware

7.5CVSS6AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-14620

A flaw was found in webpack-dev-server. This vulnerability allows a remote attacker to exploit exposed internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, through cross-origin requests. By visiting a malicious website while the development server is...

4.7CVSS6AI score0.00116EPSS
Exploits0References5
OSV
OSV
added 4 days ago3 views

MAL-2026-6795 Malicious code in zod-pino444 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...

6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-55961

Name of the Vulnerable Software and Affected Versions HP Deskjet 2800 Series Printers versions prior to TBP1CN2612AR Description A missing authorization flaw exists in the embedded webserver. An unauthenticated attacker with network access can bypass administrative controls by sending GET request...

7.5CVSS6AI score0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56037

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.3 through 0.7.2 Description Authenticated clients can read and reset API key service secrets for orders that are not in an active state, such as suspended or canceled. This occurs due to missing order-state validation ...

8.6CVSS6AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56051

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56078

Name of the Vulnerable Software and Affected Versions Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge provider handlers read request bodies using io.ReadAll without enforcing a maximum size. An authenticated user with AI Bridge access can send an...

6.5CVSS6AI score0.00552EPSS
Exploits0References11
Snyk
Snyk
added last week4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade github.com/go-gitea/gitea/services/convert...

5.3CVSS7.2AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade github.com/go-gitea/gitea/routers/web/feed...

5.3CVSS7.2AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade github.com/go-gitea/gitea/modules/git to...

5.3CVSS7.2AI score0.00367EPSS
Exploits0References2
NVD
NVD
added last week4 views

CVE-2026-27783

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS0.00283EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-27783

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References6
Snyk
Snyk
added last week5 views

Cross-site Request Forgery (CSRF)

Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the open-editor and invalidate endpoints. An attacker can open...

5.3CVSS6AI score0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added last week41 views

CVE-2026-14620 webpack-dev-server vulnerable to cross-site request forgery via internal developer endpoints

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS0.00116EPSS
Exploits0References2
CVE
CVE
added last week27 views

CVE-2026-14620

webpack-dev-server prior to 5.2.6 exposes two internal endpoints (/webpack-dev-server/open-editor and /webpack-dev-server/invalidate) that perform state-changing actions on any GET request without origin verification. This enables cross-origin interactions when a user visits any website while the...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/07/03 12:17 p.m.4 views

Missing Origin Validation in WebSockets

Overview @theia/terminal is a Theia - Terminal Extension Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the shell-terminal and terminals/:id WebSocket endpoints when origin validation is bypassed due to missing or manipulated headers. An attacker c...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References2
Rows per page
Query Builder