Lucene search
+L

329 matches found

OSV
OSV
added 2026/02/24 4:26 p.m.9 views

CVE-2026-27587 Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...

8.7CVSS5.6AI score0.0037EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.6 views

PT-2026-21820

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description A critical flaw exists in FreeBSD that allows a jailed process to escape its confinement. Successful exploitation of this issue can lead to full filesystem access, effectively breaking the...

6AI score0.00111EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.12 views

Caddy 安全漏洞

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP path request matcher’s sensitivity to case differences when processing patterns that included...

9.1CVSS5.8AI score0.0037EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.5 views

PT-2026-21819

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

7.5AI score0.00112EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/20 7:29 p.m.5 views

CVE-2026-2472 Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization

Stored Cross-Site Scripting XSS in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform versions from 1.98.0 up to but not including 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...

8.6CVSS5.8AI score0.00529EPSS
Exploits2References1
Amazon
Amazon
added 2026/02/19 12:0 a.m.8 views

Important: firefox

Issue Overview: Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 147, Firefox ESR 115.32, and Firefox ESR 140.7. CVE-2026-0877 Sandbox escape due to incorrec...

9.8CVSS6.1AI score0.0057EPSS
Exploits0
Amazon
Amazon
added 2026/02/19 12:0 a.m.6 views

Important: thunderbird

Issue Overview: Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird 147.0.1 and Thunderbird 140.7.1...

9.8CVSS6.1AI score0.0057EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.6 views

AlmaLinux 8 : firefox (ALSA-2026:0667)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:0667 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

9.8CVSS5.7AI score0.0057EPSS
Exploits0References15
OSV
OSV
added 2026/02/09 12:0 a.m.7 views

ALSA-2026:2286 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7,...

9.8CVSS5.5AI score0.0057EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/02/09 12:0 a.m.4 views

RHEL 10 : thunderbird (RHSA-2026:2286)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2286 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component...

9.8CVSS5.8AI score0.0057EPSS
Exploits0References28
EUVD
EUVD
added 2026/02/06 7:54 p.m.9 views

EUVD-2026-5592

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to proto and other blocked prototype properties,...

10CVSS5.4AI score0.00636EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.6 views

SandboxJS security vulnerability

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.26 contained security vulnerabilities. These vulnerabilities stemmed from the lack of isolation of AsyncFunctions within SandboxFunctions, which could lead to sandbox escapes and remote code execution...

10CVSS6.2AI score0.01122EPSS
Exploits1References2
Wired Threat Level
Wired Threat Level
added 2026/01/27 11:0 a.m.4 views

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive

A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes—and then escape. This is his story...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/01/22 6:53 p.m.16 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.47 packages and security update

Red Hat OpenShift Container Platform release 4.17.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

8.4CVSS7.1AI score0.0067EPSS
Exploits4References4
Mageia
Mageia
added 2026/01/20 3:25 a.m.9 views

Updated nss & firefox packages fix security vulnerabilities

Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...

9.8CVSS5.6AI score0.0057EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : postgresql:10 (AXSA:2021-1514:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1514:01 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operatio...

8.8CVSS5.6AI score0.4644EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

RockyLinux 9 : firefox (RLSA-2026:0694)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0694 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

9.8CVSS5.7AI score0.0057EPSS
Exploits0References27
RedHat Linux
RedHat Linux
added 2026/01/15 7:11 p.m.6 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.31 packages and security update

Red Hat OpenShift Container Platform release 4.18.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

8.4CVSS7.1AI score0.0067EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.1 views

Mozilla Thunderbird < 140.7

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-05 advisory. - Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146, Thunderbird 146...

9.8CVSS5.7AI score0.0057EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

Mozilla Thunderbird < 147.0

The version of Thunderbird installed on the remote Windows host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-04 advisory. - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory...

10CVSS9AI score0.0057EPSS
Exploits1References17
Rows per page
Query Builder