7636 matches found
CVE-2026-34287
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...
CVE-2026-22021
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
CVE-2026-22021
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
CVE-2026-22021
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
CVE-2026-22021
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
PT-2026-34069
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks require human interaction...
CVE-2026-33472
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...
CLSA-2026-1776682775 libsoup: Fix of CVE-2026-5119
CVE-2026-5119: fix cleartext transmission of cookies to HTTP proxy in tunnelconnect CONNECT request for HTTPS targets...
CLSA-2026-1776681849 libsoup: Fix of CVE-2026-5119
CVE-2026-5119: fix cleartext transmission of cookies to HTTP proxy in tunnelconnect CONNECT request for HTTPS targets...
DEBIAN-CVE-2026-40490
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
CVE-2026-40490
AsyncHttpClient (as described in GHSA-CMXV-58FP-FM3G) leaks Authorization and Proxy-Authorization headers, plus Realm credentials, to cross-origin redirect targets when followRedirect is enabled. An attacker controlling the redirect target can capture credentials. Upgrade to version 3.0.9 where t...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...
CVE-2026-33337
creationtimestamp| type| source ---|---|--- 2026-04-17 19:20:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjpngcrnnp2l 2026-04-17 21:22:46+00:00| seen| Telegram/o-uTgZiWLI4DGr-3Qx2v6r5S9u58WJIjtqdTFR62kB0PIWs...
Cisco Unity Connection Arbitrary File Download (cisco-sa-unity-file-download-RmKEVWPx)
According to its self-reported version, Cisco Unity Connection is affected by multiple arbitrary file download vulnerabilities: - Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these...
Cleartext Transmission of Sensitive Information
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information through the AccountService in account.service.ts. An attacker can cause password reset, verification, registration, and invite emails to contain http:// links...
Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...
GHSA-XHMJ-RG95-44HV Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...
CVE-2026-33472
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...
CVE-2026-40500
creationtimestamp| type| source ---|---|--- 2026-04-15 22:19:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjkwif2xh32o...
EUVD-2026-22956
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...