Lucene search
K

5450 matches found

IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer...

9.1CVSS7.5AI score0.02667EPSS
Exploits2Affected Software1
Nuclei
Nuclei
added yesterday81 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.9AI score0.142EPSS
Exploits4References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in home-mp-commons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885b9dad73e9eeb07a1fcb4a94493ec85573f656f7b9347a8682f56db359cfd6 [email protected] is an empty npm package declared main index.js is absent from the tarball whose sole effect on install is to resolve a single...

6.2AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2 days ago6 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6.9AI score0.00939EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43306

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-62143

The CVE-2026-62143 issue affects the html_to_markdown expansion module of misp-modules. An SSRF protection bypass occurred because IPv4-mapped IPv6 addresses were not normalised before checking blocked IP ranges, allowing an authenticated attacker to supply addresses like http://[::ffff:127.0.0.1...

8.3CVSS6.1AI score0.00239EPSS
Exploits0References1
OSV
OSV
added 2 days ago3 views

MAL-2026-10403 Malicious code in @iana-rzms/bff-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7adbad0c719aec3345c5aa16b3435e8621f4a81b5a0e0cf0e0d979509e5d21f Package published to the public @iana-rzms scope as a dependency-confusion squat targeting an internal ICANN namespace. The preinstall lifecycle scri...

6.1AI score
Exploits0References1
CVE
CVE
added 3 days ago16 views

CVE-2026-61876

LuCI DHCPv6 lease hostnames are not properly encoded before rendering in status pages, enabling stored cross-site scripting. An adjacent attacker can deliver a DHCPv6 Client FQDN containing script tags that execute in the administrator’s browser when viewing DHCP lease pages. Affected: LuCI web i...

9.4CVSS6.2AI score0.002EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-61876 LuCI DHCPv6 Lease Hostname Stored Cross-Site Scripting

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS0.002EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-15487

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub41FBD0 of the file /goform/systemntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendo...

6.5CVSS0.0105EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-15486

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub42026C of the file /goform/toolsddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched remotel...

6.5CVSS0.0105EPSS
Exploits0References5
CVE
CVE
added 3 days ago18 views

CVE-2026-15487

TRENDnet TEW-821DAP firmware 1.11B03 contains a vulnerability in the Firmware Update Handler: the function sub_41FBD0 in /goform/system_ntp can be abused by manipulating the Hostname argument to cause an OS command injection. The CVE indicates remote execution is possible via a network attack, wi...

6.5CVSS6.5AI score0.0105EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43209

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub41FBD0 of the file /goform/systemntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendo...

6.5CVSS6.5AI score0.0105EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15487 TRENDnet TEW-821DAP Firmware Update system_ntp sub_41FBD0 os command injection

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub41FBD0 of the file /goform/systemntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendo...

6.5CVSS0.0105EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-57532

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP version 1.11B03 Description An OS command injection flaw exists in the Firmware Update Handler component. A remote attacker can trigger this issue by manipulating the Hostname argument within the sub 41FBD0 function of the...

6.5CVSS6.7AI score0.0105EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-56329 Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...

6.4CVSS0.00237EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-56329

CVE-2026-56329 affects Capgo before 12.128.2. The issue arises from non-bijective decoding of double underscores to dots in preview hostname parsing, causing a cross-tenant preview namespace collision. Attackers can register app IDs with underscores that collide with other tenants’ dotted app IDs...

6.4CVSS6.1AI score0.00237EPSS
Exploits0References2
NVD
NVD
added 6 days ago6 views

CVE-2026-33655

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS0.00437EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS0.00437EPSS
Exploits0References3
CVE
CVE
added 6 days ago21 views

CVE-2026-33655

The CVE-2026-33655 issue affects New API prior to version 0.12.0-alpha.1 where SSRF protection did not apply IP filtering to hostnames by default due to ApplyIPFilterForDomain being disabled. Authenticated users could configure notification URLs (Webhook, Bark, Gotify) that resolve to internal or...

7.7CVSS5.9AI score0.00437EPSS
Exploits0References3
Rows per page
Query Builder