Lucene search
K

34879 matches found

RedHat Linux
RedHat Linux
added 2 days ago5 views

kernel: netfilter: nft_inner: Fix IPv6 inner_thoff desync

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nftinner module. This vulnerability arises from an incorrect handling of IPv6 inner packet processing, where the transport header offset innerthoff becomes desynchronized from the Layer 4 protocol l4proto. A remot...

9.1CVSS7.2AI score0.00302EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago5 views

kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...

9.8CVSS7AI score0.00475EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago8 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

3.7CVSS5.8AI score0.00217EPSS
Exploits0References4
NVD
NVD
added 2 days ago7 views

CVE-2026-12127

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
CVE
CVE
added 2 days ago7 views

CVE-2026-12127

WPForms – Easy Form Builder for WordPress (WordPress plugin WPForms Lite) versions up to 1.10.2 are vulnerable to CRLF header injection in outgoing notification emails. The root cause is improper neutralization of CRLF sequences: get_reply_to_address() expands the Reply-To display name with conte...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References11
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40907

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References11
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
Nuclei
Nuclei
added 2 days ago15 views

LiteLLM - SQL Injection

LiteLLM 1.81.16 to 1.83.7 contains a SQL injection caused by improper handling of caller-supplied key in database query during proxy API key checks, letting unauthenticated attackers read and modify database data, exploit requires crafted Authorization header. id: CVE-2026-42208 info: name: LiteL...

9.8CVSS6.2AI score0.84518EPSS
Exploits7References3
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40427

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago3 views

EUVD-2025-210393

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS5.9AI score0.0028EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2 days ago7 views

kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...

9.8CVSS7AI score0.00475EPSS
Exploits0References5
OSV
OSV
added 3 days ago2 views

BIT-GHOST-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-56230

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS0.00322EPSS
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2026-54673

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...

8.2CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2025-71381

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago24 views

CVE-2026-54673 electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...

8.2CVSS0.00235EPSS
Exploits0References2
CVE
CVE
added 3 days ago6 views

CVE-2026-54673

The CVE affects electron-updater (builder-util-runtime component) prior to version 9.7.0. The root cause is that HttpExecutor.prepareRedirectUrlOptions only stripped a credential header named exactly the lowercase string “authorization.” Other credential-bearing headers, notably PRIVATE-TOKEN and...

8.2CVSS5.7AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago22 views

CVE-2026-56230 Capgo - Broken Object Level Authorization via x-limited-key-id Header

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS0.00322EPSS
Exploits0References2
Rows per page
Query Builder