Lucene search
+L

13820 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.7 views

CVE-2026-57991

Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.9AI score0.00745EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/07/03 6:16 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the open-editor and invalidate endpoints. An attacker can open...

5.3CVSS6AI score0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/03 5:0 p.m.44 views

CVE-2026-14620 webpack-dev-server vulnerable to cross-site request forgery via internal developer endpoints

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS0.00116EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 5:0 p.m.45 views

CVE-2026-14620

webpack-dev-server prior to 5.2.6 exposes two internal endpoints (/webpack-dev-server/open-editor and /webpack-dev-server/invalidate) that perform state-changing actions on any GET request without origin verification. This enables cross-origin interactions when a user visits any website while the...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/03 5:0 p.m.4 views

CVE-2026-14620 webpack-dev-server vulnerable to cross-site request forgery via internal developer endpoints

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 1:17 p.m.6 views

CVE-2026-46468

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'Link following' vulnerabilit...

4.4CVSS0.00133EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 9:14 p.m.5 views

GHSA-RH62-J648-G5QC Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB

Impact Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API. When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and...

7.8CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/07/02 2:13 p.m.9 views

PYSEC-2026-740 Improper Restriction of XML External Entity Reference in trytond and proteus

An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...

6.5CVSS6.1AI score0.01374EPSS
Exploits1References10
Microsoft CVE
Microsoft CVE
added 2026/07/02 2:0 p.m.9 views

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.9AI score0.00745EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/02 5:30 a.m.13 views

CVE-2026-47214

A flaw was found in Docling, a document processing tool. Its HTML backend contained vulnerabilities related to unsafe handling of Uniform Resource Identifiers URIs and file paths. This could allow an attacker to access local files, navigate outside of intended directories path traversal, and...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-55458

Name of the Vulnerable Software and Affected Versions Recce versions prior to 1.50.0 Description Recce OSS server deployments exposed to untrusted networks without authentication allow unauthenticated SQL execution via the query run API endpoint. When configured with a DuckDB-backed project, an...

7.8CVSS6.2AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55623

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper link resolution before file access, also known as link following, allows an unauthorized attacker to disclose information over a network. Recommendations At the...

7.4CVSS5.8AI score0.00745EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:30 p.m.11 views

Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...

6CVSS5.9AI score0.00169EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/07/01 7:1 p.m.6 views

Unprotected Alternate Channel

Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Unprotected Alternate Channel through the attachpackedoutput process. An attacker can access sensitive information from arbitrary local .json, .txt, .md,...

6.9CVSS6AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 6:10 p.m.3 views

CVE-2026-53489 containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS6AI score0.00208EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:10 p.m.8 views

CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS5.9AI score0.00208EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 6:10 p.m.59 views

CVE-2026-53489

CVE-2026-53489 affects containerd CRI: when checkpoint restore occurs, the CRI plugin may read a host file by following a symlink for container.log. Vulnerable versions are prior to 2.3.2, 2.2.5 and 2.1.9. Impact described as arbitrary host file read via kubectl logs, with LOCAL attack potential ...

8.2CVSS5.9AI score0.00208EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 6:10 p.m.40 views

CVE-2026-53489 containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS0.00208EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/01 6:10 p.m.10 views

CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS5.9AI score0.00208EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 4:53 p.m.10 views

EUVD-2026-41090

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

7.5CVSS6.2AI score0.00298EPSS
Exploits0References2
Rows per page
Query Builder