Lucene search
+L

507 matches found

Github Security Blog
Github Security Blog
added 2026/05/11 3:54 p.m.31 views

Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

Impact Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected conte...

8.1CVSS5.8AI score0.00496EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 11:47 p.m.12 views

epa4all-client has a VAU Signature bypass

Impact In SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain validation, OCSP check, and signature algorithm setup, but never checks whether the signature actually...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/08 7:43 p.m.76 views

GHSA-45M8-CPM2-3V65 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/openwebui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSIONPOOL - backend/openwebui/socket/main.py lin...

8.1CVSS5.8AI score0.00284EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.20 views

PT-2026-39308

Name of the Vulnerable Software and Affected Versions epa4all-client affected versions not specified Description A signature bypass exists in the isTrusted function of the SignedPublicKeysTrustValidatorImpl class. The ECDSA signature verification process discards the boolean return value of the...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References8
OSV
OSV
added 2026/05/07 9:30 p.m.15 views

GHSA-P64J-F4X9-WQ66 Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft

Summary parseAndValidateClientRedirect at internal/service/auth/auth.go:448 validates OAuth client-redirect URIs by comparing only scheme and host against the admin-configured allowlist. Path, query, and fragment are ignored. The initiator at /oauth/:provider/login embeds the caller-supplied...

8CVSS5.9AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/07 3:0 a.m.8 views

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

8.2CVSS5.7AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.35 views

CVE-2026-41377 OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation

OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...

5.1CVSS0.00231EPSS
Exploits0References6
OSV
OSV
added 2026/04/28 6:9 p.m.2 views

CVE-2026-41377 OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation

OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...

5.1CVSS5.9AI score0.00231EPSS
Exploits0References8
NVD
NVD
added 2026/04/28 8:16 a.m.10 views

CVE-2026-4911

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

5.3CVSS0.00308EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/27 10:0 p.m.6 views

EUVD-2026-25931

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

7.5CVSS7.1AI score0.00344EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/26 1:0 p.m.8 views

CVE-2026-7042

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...

7.5CVSS7AI score0.00383EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.12 views

Duplicate Advisory: uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pmfc-4wjj-gmhx. This link is maintained to preserve external references. Original Description A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when usi...

3.3CVSS6AI score0.00182EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:9 p.m.3 views

CVE-2026-35381 uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering

A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when using the -z null-terminated and -d '' empty delimiter options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code...

3.3CVSS5.8AI score0.00182EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils, which stems from a logical error in the cut command. When the -z and -d options are used simultaneously, the -s flag is ignored, potentially leadi...

3.3CVSS5.8AI score0.00182EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/04/20 12:48 a.m.7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
Hacker One
Hacker One
added 2026/04/17 6:59 p.m.78 views

curl: libcurl omits IPv6 zoneid from host identity and leaks credentials/cookies across scoped link-local realms

Summary: libcurl omits the IPv6 zoneid component from multiple security-sensitive host identity decisions even though the connection layer still routes by zoneid. As a result, two distinct scoped/link-local destinations such as fe80::X%zoneA and fe80::X%zoneB are treated as the same host by...

7.5CVSS6.7AI score0.02794EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/10 8:19 p.m.20 views

CVE-2026-40191 ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...

6.8CVSS0.00115EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 3:34 p.m.7 views

Vikunja Missing Authorization on CalDAV Task Read

Summary The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or guesses a task UID can read the full task data from any project on the...

4.3CVSS5.9AI score0.00216EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/10 9:31 a.m.3 views

GHSA-HWQH-2684-54FC Spring Cloud Gateway's SSL bundle configuration silently bypassed

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/10 7:32 a.m.3 views

CVE-2026-22750 SSL bundle configuration silently bypassed in Spring Cloud Gateway

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
Rows per page
Query Builder