Lucene search
K

3829 matches found

OSV
OSV
added 2026/06/26 4:36 p.m.4 views

GHSA-72F5-RR8C-R6GR Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

7.2CVSS6AI score0.00449EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:29 a.m.2 views

SUSE-SU-2026:22376-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.01557EPSS
Exploits1References21
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:17 a.m.9 views

Malicious code in tw-style-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc430da42cdbbb83b681be645a2bbc3f3f2a48e0e19d9d3624b4b3e6f9aa7e92 [email protected] was scanned and produced no findings indicative of supply-chain attack behavior. No install-time lifecycle scripts performing...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:11 a.m.9 views

Malicious code in pino-zod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ceffaf94fc190f70c18587857f2f0a674a9699512eec79f5cf738eefaa54ca Package advertises itself as a pino+zod logging helper but ships content that does not match that purpose: a dist/discordRelayUpload.js module...

6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-53022

Name of the Vulnerable Software and Affected Versions Nebula Mesh affected versions not specified Description The web UI /ui/ fails to apply per-operator Certificate Authority CA scoping. This allows any authenticated non-admin operator to access, block, or delete resources belonging to other...

8.8CVSS6AI score
Exploits0References4
NVD
NVD
added 2026/06/25 10:17 p.m.9 views

CVE-2026-11703

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

7.5CVSS0.0021EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-53125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md: fix arraystate=clear sysfs deadlock When clear is written to arraystate, mdattrstore breaks sysfs active protection so the array can delete itself from its...

6.2AI score0.00169EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3,...

7.5CVSS7.1AI score0.00391EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52591

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where SNI Server Name Indication and ALPN Application-Layer Protocol Negotiation bindings are missing during stateful session-ID resumption. This...

7.5CVSS5.7AI score0.0021EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could create specific hostnames that, when processed by the matchpattern function, could lead to inefficient regular expression backtracking. This could cause timeouts and resource...

5.5CVSS6.5AI score0.00223EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 2:0 p.m.4 views

UBUNTU-CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00574EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 2:0 p.m.6 views

UBUNTU-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-12064 proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00574EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.13 views

SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00574EPSS
Exploits1References1Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.5 views

CVE-2026-53622

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection allows unauthenticated clients to bypass router-specific mutual Transport Layer Security mTLS enforcement. When HTTP/3 is enabled and a router use...

10CVSS5.9AI score0.0024EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/24 4:37 a.m.10 views

EUVD-2026-38654

An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...

6.5CVSS5.9AI score0.00106EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51744

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A disconnect between the tool layer and libcurl occurs when a user invokes curl with a schemeless URL and the --proto-default option set to sftp or scp. The tool layer incorrectly infers the URL...

7.5CVSS6.1AI score0.00574EPSS
Exploits1References36
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51756

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description Applications using libcurl for transfers via SCP:// or SFTP:// that utilize the CURLOPT SSH KEYFUNCTION callback may silently accept an untrusted server. This occurs when a server presents a...

7.5CVSS5.8AI score0.00543EPSS
Exploits3References48
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51669

Name of the Vulnerable Software and Affected Versions WP Meta SEO versions prior to 4.5.19 Description The plugin is susceptible to Server-Side Request Forgery SSRF, a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. Authenticated user...

6.4CVSS5.9AI score0.00242EPSS
Exploits0References8
Rows per page
Query Builder