Lucene search
K

3078 matches found

EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-43645

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

6.9CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-10051

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

6.9CVSS
Exploits0References1
The Hacker News
The Hacker News
added 8 hours ago10 views

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department's Office of Foreign Assets Control OFAC has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service 1VPNS, ha...

6.1AI score
Exploits0
EUVD
EUVD
added 15 hours ago5 views

EUVD-2026-43563

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score
Exploits0References4
Cvelist
Cvelist
added yesterday27 views

CVE-2026-15547 Shibby Tomato CIFS Mount sub_2D048 os command injection

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS0.0105EPSS
Exploits0References5
OSV
OSV
added yesterday2 views

MAL-2026-10403 Malicious code in @iana-rzms/bff-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7adbad0c719aec3345c5aa16b3435e8621f4a81b5a0e0cf0e0d979509e5d21f Package published to the public @iana-rzms scope as a dependency-confusion squat targeting an internal ICANN namespace. The preinstall lifecycle scri...

6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday46 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS7.1AI score0.38038EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57886

Name of the Vulnerable Software and Affected Versions luci-app-banip versions 0 through 0.11.1 Description A log parsing flaw exists where the awk-based parser extracts the first IPv4 address from log lines regardless of its field position. This allows an unauthenticated remote attacker to inject...

8.7CVSS6.2AI score
Exploits0References5
NVD
NVD
added 4 days ago4 views

CVE-2026-55881

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS0.00246EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-55881

OpenReplay (self-hosted session replay) versions affected: 1.22.0 – 1.27.0. The vulnerability arises in getFirstMob where 15-second presigned S3 download URLs for a session’s DOM-replay recording were generated based only on the session path, while validateProjectAccess only checked tenant owners...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 4 days ago3 views

CVE-2026-55881 OpenReplay: Cross-tenant session replay disclosure via missing session ownership check in first-mob endpoint

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-55881 OpenReplay: Cross-tenant session replay disclosure via missing session ownership check in first-mob endpoint

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS0.00246EPSS
Exploits0References4
NVD
NVD
added 5 days ago7 views

CVE-2026-54003

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS0.00545EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-54003 Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS0.00545EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-54003

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS6AI score0.00545EPSS
Exploits0References9Affected Software1
CVE
CVE
added 5 days ago21 views

CVE-2026-54003

Summary of CVE-2026-54003 (Kirby CMS) : Affected Kirby installations with no configured user accounts, running behind a reverse proxy that sets Forwarded, X-Client-IP, or X-Real-IP headers could allow remote attackers to install the Panel and create the first admin user. This occurs on releases p...

9.1CVSS6AI score0.00545EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-59997

A flaw was found in OpenSSH. The internal-sftp component within sshd incorrectly processes command-line arguments, recognizing only the first nine. This limitation can prevent the application of intended security configurations for SFTP SSH File Transfer Protocol connections, potentially leading ...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42175

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS6.1AI score0.00333EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42139

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS6AI score0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56065

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description Two flaws in the OIDC login process allow for account takeover. The first issue occurs when email-based us...

7.4CVSS6AI score0.00479EPSS
Exploits0References14
Rows per page
Query Builder