37 matches found

Tenable Nessus
added 2026/06/12 12:0 a.m. | 8 views

EulerOS Virtualization 2.13.0 : util-linux (EulerOS-SA-2026-2420)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerabilit...

CVSS 5.3 | AI score 5.5 | EPSS 0.00436
Exploits: 1 | References: 3

OSV
added 2026/05/27 7:56 a.m. | 3 views

SUSE-SU-2026:2083-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. - CVE-2026-43617: Authorization Bypass via Hostname Resolution bsc1264515. - CVE-2026-43618: Integer...

CVSS 9.8 | AI score 7 | EPSS 0.72059
Exploits: 9 | References: 27

Tenable Nessus
added 2026/05/26 12:0 a.m. | 12 views

SUSE SLES12 Security Update : rsync (SUSE-SU-2026:2048-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2048-1 advisory. This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-43617: Authorization...

CVSS 9.8 | AI score 5.9 | EPSS 0.72059
Exploits: 9 | References: 40

OSV
added 2026/05/25 1:55 p.m. | 6 views

SUSE-SU-2026:2048-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-43617: Authorization Bypass via Hostname Resolution bsc1264515. - CVE-2026-43618: Integer Overflow Information Disclosure bsc1264512. - CVE-2026-43620: Out-of-Bounds Array Read...

CVSS 9.8 | AI score 7 | EPSS 0.72059
Exploits: 9 | References: 27

OSV
added 2026/05/21 1:33 p.m. | 5 views

SUSE-SU-2026:2038-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-41035: Count of entries mismatch can lead to a use-after-free bsc1262223 - CVE-2026-43617: Authorization Bypass via Hostname Resolution bsc1264515. - CVE-2026-43618: Integer...

CVSS 9.8 | AI score 7 | EPSS 0.72059
Exploits: 9 | References: 29

Cvelist
added 2026/05/12 2:9 p.m. | 42 views

CVE-2026-42260 Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`

Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...

CVSS 8.2 | EPSS 0.00215
Exploits: 0 | References: 1

CNNVD
added 2026/05/06 12:0 a.m. | 9 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to browser navigation strategies that involved server-side request forgery, which potentially allowed...

CVSS 6.3 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/17 12:0 a.m. | 4 views

SUSE SLED15: libblkid-devel / libblkid-devel-static / libblkid1 / etc (SUSE-SU-2026:1406-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1406-1 advisory. Security issue: - CVE-2026-3184: access control bypass due to improper hostname canonicalization in login bsc1258859. N...

CVSS 5.3 | AI score 5.9 | EPSS 0.00436
Exploits: 0 | References: 6

SUSE CVE
added 2026/03/12 8:52 a.m. | 2 views

SUSE CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

CVSS 6.5 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 4

NCSC
added 2026/03/12 7:46 a.m. | 6 views

Vulnerabilities fixed in Fortinet FortiWeb

Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...

CVSS 8.1 | AI score 6.2 | EPSS 0.01667
Exploits: 0 | References: 6

Snyk
added 2026/03/11 6:44 p.m. | 3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

CVSS 7.6 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 2

NVD
added 2026/03/11 4:16 p.m. | 6 views

CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

CVSS 6.5 | EPSS 0.00277
Exploits: 0 | References: 2

AlpineLinux
added 2026/03/11 3:54 p.m. | 2 views

CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

CVSS 6.5 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 2

OSV
added 2026/03/10 6:17 p.m. | 6 views

CVE-2025-48840

An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request...

CVSS 5.3 | AI score 5.8 | EPSS 0.00459
Exploits: 0 | References: 1

NVD
added 2026/03/03 11:16 a.m. | 4 views

CVE-2025-59060

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVSS 5.3 | EPSS 0.00329
Exploits: 0 | References: 2

Cvelist
added 2026/03/03 10:46 a.m. | 31 views

CVE-2025-59060 Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

EPSS 0.00329
Exploits: 0 | References: 1

CNNVD
added 2026/02/09 12:0 a.m. | 5 views

Craft CMS Code Issue Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. There were code vulnerabilities in the versions of Craft CMS from 3.5.0 to 4.16.17, and from 5.0.0-RC1 to 5.8.21. These vulnerabilities stemmed from a GraphQL mutation in the saveimagesAsset function, which could be...

CVSS 6.5 | AI score 5.9 | EPSS 0.00419
Exploits: 1 | References: 3

GithubExploit
added 2025/12/25 4:42 p.m. | 212 views

Exploit for Incorrect Authorization in Sudo_Project Sudo

CVE-2025-32462 – Sudo Hostname Bypass Privilege Escalation !...

CVSS 8.8 | AI score 7.5 | EPSS 0.03239
Exploits: 12

EUVD
added 2025/12/10 9:31 p.m. | 4 views

EUVD-2025-202627

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

AI score 6.4 | EPSS 0.00442
Exploits: 1 | References: 3

OSV
added 2025/12/10 9:16 p.m. | 4 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

CVSS 7.5 | AI score 5.8 | EPSS 0.00442
Exploits: 1 | References: 2