
33 matches found

OSV
added 2026/05/21 12:00 p.m., 10 views

RUSTSEC-2026-0149 WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph For more information see the GitHub-hosted security advisory...

CVSS 7.5, AI score 5.8, EPSS 0.00357
Exploits: 0, References: 3
SUSE CVE
added 2026/04/09 11:29 p.m., 4 views

SUSE CVE-2026-5901

Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. Chromium security severity: Low...

CVSS 6.5, AI score 7.3, EPSS 0.00139
Exploits: 0, References: 3
EUVD
added 2026/04/09 12:32 a.m., 3 views

EUVD-2026-20725

Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. Chromium security severity: Low...

AI score 5.9, EPSS 0.00139
Exploits: 0, References: 3
CVE
added 2026/04/08 9:20 p.m., 17 views

CVE-2026-5901

CVE-2026-5901 concerns insufficient policy enforcement in Chrome/Chromium DevTools, enabling a user-assisted attacker who installs a malicious extension to bypass enterprise host restrictions for cookie modification. The issue affects Chrome/Chromium builds prior to version 147.0.7727.55, with ad...

CVSS 6.5, AI score 5.9, EPSS 0.00139
Exploits: 0, References: 2, Affected Software: 1
AlpineLinux
added 2026/04/08 9:20 p.m., 5 views

CVE-2026-5901

Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. Chromium security severity: Low...

CVSS 6.5, AI score 8.3, EPSS 0.00139
Exploits: 0
Cvelist
added 2026/03/27 1:47 p.m., 25 views

CVE-2026-32695 Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...

CVSS 6.3, EPSS 0.00463
Exploits: 1, References: 3
RedhatCVE
added 2026/03/03 1:37 p.m., 5 views

CVE-2026-3431

On SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

CVSS 9.8, AI score 6, EPSS 0.00352
Exploits: 0, References: 1
NVD
added 2026/03/02 1:16 p.m., 7 views

CVE-2026-3431

On SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

CVSS 9.8, EPSS 0.00352
Exploits: 0, References: 1
OSV
added 2026/03/02 1:16 p.m., 5 views

CVE-2026-3431

On SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

CVSS 9.8, AI score 5.9
Exploits: 0, References: 1
Veracode
added 2026/02/05 8:36 a.m., 6 views

Server-Side Request Forgery (SSRF)

vllm is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to inconsistent URL parsing and hostname validation in the MediaConnector class when processing user-supplied media URLs, which allows an attacker to bypass host restrictions and coerce the vLLM server into making...

CVSS 7.1, AI score 5.7, EPSS 0.00528
Exploits: 1, References: 15, Affected Software: 1
Positive Technologies
added 2026/01/29 12:00 a.m., 5 views

PT-2026-31519

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.55. Description: A flaw exists in the Google Chrome DevTools web development toolkit's data protection mechanism. Successful exploitation could allow a remote attacker to bypass security restrictions by...

CVSS 9.6, AI score 5.8, EPSS 0.00608
Exploits: 0, References: 65
RedhatCVE
added 2026/01/28 3:07 a.m., 6 views

CVE-2026-24779

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class, specifically within the loadfromurl and loadfromurlasync methods. An attacker can exploit differing interpretations of...

CVSS 7.1, AI score 5.9, EPSS 0.00528
Exploits: 1, References: 6
RedhatCVE
added 2026/01/09 12:35 p.m., 12 views

CVE-2023-49932

An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions...

CVSS 5.4, AI score 7, EPSS 0.0053
Exploits: 0, References: 1
OSV
added 2025/07/11 12:17 p.m., 3 views

OESA-2025-1759 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo before 1.9.17p1, when used with a sudoers file that...

CVSS 9.3, AI score 7, EPSS 0.47467
Exploits: 77, References: 3
Tenable Nessus
added 2025/07/01 12:00 a.m., 26 views

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Sudo vulnerabilities (USN-7604-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7604-1 advisory. Rich Mirch discovered that Sudo incorrectly handled the host option. In environments where per-host rules are configured in t...

CVSS 9.3, AI score 6.9, EPSS 0.47467
Exploits: 77, References: 3
Ubuntu
added 2025/06/30 5:01 p.m., 8 views

USN-7604-2: Sudo vulnerability

USN-7604-1 fixed CVE-2025-32462 in sudo. This update provides the corresponding fixes for Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS. Original advisory details: Rich Mirch discovered that Sudo incorrectly handled the host option. In environments where per-host rule...

CVSS 8.8, AI score 6.7, EPSS 0.03239
Exploits: 12
Ubuntu
added 2025/06/30 2:47 p.m., 37 views

USN-7604-1: Sudo vulnerabilities

Rich Mirch discovered that Sudo incorrectly handled the host option. In environments where per-host rules are configured in the sudoers file, a local attacker could use this issue to bypass the host restrictions. CVE-2025-32462 Rich Mirch discovered that Sudo incorrectly handled the chroot option...

CVSS 9.3, AI score 7, EPSS 0.47467
Exploits: 77
OSV
added 2024/02/29 1:41 a.m., 5 views

CVE-2023-49932

An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions...

CVSS 5.4, AI score 5.8, EPSS 0.0053
Exploits: 0, References: 3
NVD
added 2024/02/29 1:41 a.m., 10 views

CVE-2023-49932

An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions...

CVSS 5.4, AI score 6.6, EPSS 0.0053
Exploits: 0, References: 3
ATTACKERKB
added 2024/02/29 1:41 a.m., 3 views

CVE-2023-49932

An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions...

CVSS 5.4, AI score 5.8, EPSS 0.0053
Exploits: 0, References: 4