Lucene search
K

42657 matches found

CVE
CVE
added 1 hour ago5 views

CVE-2026-6790

In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...

5.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43540

OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43539

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-43499

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-58065

The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...

8.1CVSS6.1AI score
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added yesterday5 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS6AI score0.0026EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden219 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1de0c667d7c3cbfd4c96728443db8ac059d53487498341bd937cf2aaf738574a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet19 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18bc2a7c89f862926aab27d42ebc31ed5c39f90197170a9b87e1dca9ecf933f5 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fc679091d0bd079249822993efce7f3ed4ef7d032c73f9aa730a6259f76cb6 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in imillegal4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e410fdca18f0aedc18130966449a52dce6ecc481c6d8c7b823764f09146d625 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in imillegal1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85b8bddd4b8345bfaacf5ad511276da43344de0033bc312123620aa6cc6e4366 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in crazynut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99acc5fd6f39abd90d81467df8fe55d92230edd286a12d9f628ad6f9c1c34a9a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in kuaishou (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd1d5daf09cc7bfff164e60bf5abd0a1b374b5bb616f0a78cac8f6c6ea613608 The package's prepare lifecycle script, which runs automatically on npm install, collects host, user, and platform identifiers along with the full...

6.1AI score
Exploits0References4
Nuclei
Nuclei
added yesterday78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday73 views

Vite Dev Server - Information Exposure

Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...

6CVSS6.2AI score0.01077EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS6.1AI score0.01414EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday12 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS6.6AI score0.01438EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday58 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7AI score0.15088EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday58 views

Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

6.1CVSS6.4AI score0.01146EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday92 views

TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

9.9CVSS6.9AI score0.79064EPSS
Exploits4References5
Rows per page
Query Builder