Lucene search
+L

3438 matches found

Nuclei
Nuclei
added yesterday22 views

Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS

Adminer = 5.4.1 contains a denial of service caused by lack of origin validation in version check endpoint, letting attackers trigger server errors via crafted POST requests, exploit requires no special privileges. id: CVE-2026-25892 info: name: Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent Do...

7.5CVSS5.2AI score0.01586EPSS
Exploits1References2
NVD
NVD
added 4 days ago3 views

CVE-2026-15738

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...

8.5CVSS0.00373EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

CVE-2026-15738 Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...

5.8CVSS6.2AI score0.00373EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago10 views

CVE-2026-50722

A flaw was found in Libreswan's implementation of IKEv2 authentication when processing signatures utilizing the RSASSA-PKCS1-v15 scheme. The RSAauthenticatehashsignaturepkcs115rsa function does not correctly validate the DER encoding of the ASN.1 digest. A remote, unauthenticated attacker could...

8.1CVSS6.1AI score0.00352EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-58291

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 affected versions not specified Description A Server-side request forgery SSRF issue exists in the Work Place interface. This allows a remote unauthenticated attacker to force the appliance to make requests to unintended...

10CVSS7.2AI score0.01266EPSS
Exploits4References81
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-59245 Apache Airflow FAB provider: FAB auth manager: a DAG named "DAGs" hijacks the global all-DAGs permission (access_control privilege escalation via resource_name() collision)

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

0.0036EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-15522

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...

5.3CVSS0.00137EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/10 9:29 p.m.6 views

CVE-2026-47261

A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows an attacker to bypass intended access controls when a filesystem preopen is configured with read-only file permissions but also allows directory mutations. By using specific open flags, an attacker can truncate fil...

7.5CVSS6AI score0.00357EPSS
Exploits0References8
OSV
OSV
added 2026/07/09 12:54 p.m.3 views

OESA-2026-2949 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Improper Neutralization of...

9.1CVSS6AI score0.02569EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/07/09 6:47 a.m.6 views

CVE-2026-15163

A flaw was found in Wireshark. A local user could trigger multiple protocol dissector infinite loops by providing specially crafted network traffic for analysis. This could lead to a Denial of Service DoS condition, making the application unresponsive. Mitigation To mitigate this issue, users...

7.5CVSS5.9AI score0.00187EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/08 10:38 p.m.5 views

Injection

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Injection in the MQTT SUBSCRIBE handling, which forwards protocol control characters from...

7.1CVSS6.2AI score0.00441EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.10 views

PT-2026-56668

Name of the Vulnerable Software and Affected Versions Drupal Commerce guest registration affected versions not specified Description A security issue exists in the guest registration process of Drupal Commerce. Recommendations At the moment, there is no information about a newer version that...

6.1AI score0.00508EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 11:45 a.m.3 views

PYSEC-2026-1516 Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever

A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...

4.8CVSS6.7AI score0.00691EPSS
Exploits1References8
HPE Security Bulletins
HPE Security Bulletins
added 2026/07/07 12:0 a.m.6 views

HPESBNW05038 rev.1 - HPE Networking Instant On Switch Remote Unauthenticated Disclosure of Cryptographic Secrets

Potential Security Impact: Local: Access Restriction Bypass SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba Instant On 1930 Switch Series - Please refer to the Vulnerability Summary for Affected Version Information Affected Products HPE Networking Instant On 1830, 1930, and...

6.5CVSS6.1AI score0.00277EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56301

Name of the Vulnerable Software and Affected Versions @better-auth/oauth-provider versions 1.6.0 through 1.6.10 better-auth versions 1.4.8-beta.7 through 1.5.x Description The @better-auth/oauth-provider POST /oauth2/token endpoint is susceptible to a race condition during the refresh token grant...

8.1CVSS6.1AI score0.00413EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 4:18 p.m.5 views

BIT-TOMCAT-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0 through 11.0.4, from 10.1.0 through...

7.3CVSS6AI score0.00462EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 4:18 p.m.5 views

BIT-TOMCAT-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 4:18 p.m.5 views

BIT-TOMCAT-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0...

6.1CVSS5.9AI score0.02569EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 9:16 a.m.13 views

CVE-2026-56140

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

9.8CVSS0.00427EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 a.m.6 views

CVE-2026-46456

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

9.8CVSS0.00472EPSS
Exploits0References2
Rows per page
Query Builder