Lucene search
K

49 matches found

NVD
NVD
added 2026/07/02 12:17 p.m.4 views

CVE-2026-49779

Customer Path Traversal in Tax Exempt for WooCommerce = 1.9.3 versions...

6.5CVSS0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.30 views

CVE-2026-49779 WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability

Customer Path Traversal in Tax Exempt for WooCommerce = 1.9.3 versions...

6.5CVSS0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-54985

Customer Path Traversal in Tax Exempt for WooCommerce = 1.9.3 versions...

6.5CVSS5.8AI score0.00343EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 7:30 p.m.38 views

CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS0.00118EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 8:26 p.m.3 views

CVE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS5.9AI score0.00216EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48476

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...

8.5CVSS5.4AI score0.00039EPSS
Exploits0References5
PyPA
PyPA
added 2026/06/02 9:16 a.m.4 views

PYSEC-2026-2261

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7AI score0.00476EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/02 7:28 a.m.38 views

CVE-2026-3514

The CVE-2026-3514 entry describes an authentication bypass in prefecthq/prefect v3.6.19 caused by the authentication middleware exempting URL paths ending with “health” or “ready” from authentication checks. This bypass enables unauthorized access to resources via name-based endpoints for variabl...

7.5CVSS7.1AI score0.00476EPSS
Exploits1References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox

If an attacker needed a user to load an insecure http: page and knew that the user had enabled HTTPS-only mode, the attacker could trick the user into clicking to grant an HTTPS-only exception, provided they could get the user to participate in a clicking game. This vulnerability affects Firefox...

6.5CVSS6.6AI score0.0049EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 12:16 p.m.9 views

UBUNTU-CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

6.8CVSS5.7AI score0.00144EPSS
Exploits0References12
OSV
OSV
added 2026/05/13 6:57 p.m.3 views

CVE-2026-41255 CKAN: CSRF exemption primed by anonymous requests

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

6.1CVSS6AI score0.00124EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 1:15 a.m.3 views

GHSA-G924-CJX7-2RJW Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme

Summary The /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load their own request-local assets, and those routes apply a...

5.9CVSS5.9AI score0.00251EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/04 9:30 p.m.10 views

ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

9.8CVSS6.6AI score0.00404EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/29 8:36 p.m.4 views

GHSA-MCVF-JXCW-VJ73 CKAN has CSRF exemption primed by anonymous requests

Views can be marked as exempt from CSRF protection Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect, which was stored as a module level variable in the flaskapp...

6.1CVSS5.8AI score0.00124EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/03/28 12:24 a.m.8 views

SUSE CVE-2026-33621

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8CVSS5.8AI score0.00308EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:42 p.m.1 views

CVE-2026-33621

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8CVSS5.8AI score0.00308EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 8:42 p.m.1 views

CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8CVSS5.8AI score0.00308EPSS
Exploits1References3
CVE
CVE
added 2026/03/26 8:42 p.m.9 views

CVE-2026-33621

CVE-2026-33621 concerns PinchTab, a local HTTP server that exposes auth-checkable endpoints to AI agents. Public documents describe a history of incomplete request-throttling protections in versions 0.7.7–0.8.4: the RateLimitMiddleware existed but was not wired into the production handler chain, ...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/26 8:42 p.m.7 views

CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8CVSS6.3AI score0.00308EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2026/03/25 7:11 a.m.12 views

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

The U.S. Federal Communications Commission FCC said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country...

5.9AI score
Exploits0
Rows per page
Query Builder