Lucene search
+L

505 matches found

CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

Apache Log4j 安全漏洞

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j Core 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities stem from the silent ignoring of the verifyHostName configuration property,...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 8:28 p.m.5 views

GHSA-9HFR-GW99-8RHX bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

ARC broadcaster treats failure statuses as successful broadcasts Summary BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are silently...

7.5CVSS5.7AI score0.00266EPSS
Exploits0References8
Spring Security Advisories
Spring Security Advisories
added 2026/04/09 12:0 a.m.8 views

SSL bundle configuration silently bypassed in Spring Cloud Gateway

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle , the configuration was silently ignored and the default SSL configuration was used instead...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.4 views

CVE-2026-35181

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS5.9AI score0.00134EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-31063

Name of the Vulnerable Software and Affected Versions Root.Chmod affected versions not specified Description On Linux, if the target of Root.Chmod is replaced with a symlink during a chmod operation, the operation can affect the symlink's target, even if that target is outside the root directory...

9.8CVSS5.8AI score0.00292EPSS
Exploits0
OSV
OSV
added 2026/04/03 9:50 p.m.6 views

GHSA-VC68-257W-M432 OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)

Summary The PXR24 decompression function undopxr24impl in OpenEXR internalpxr24.c ignores the actual decompressed size outSize returned by exruncompressbuffer and instead reads from the scratch buffer based solely on the expected size uncompressedsize derived from the header metadata. Additionall...

8.7CVSS6AI score0.00482EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30285

Severity: Medium CWE: CWE-352 Cross-Site Request Forgery Summary The player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing the only...

4.3CVSS6AI score0.00134EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.7 views

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/31 11:10 p.m.4 views

Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Summary Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module regardles...

7.5CVSS5.9AI score0.00575EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 11:10 p.m.2 views

GHSA-7FH7-8XQM-3G88 Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Summary Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module regardles...

7.5CVSS5.9AI score0.00575EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:31 p.m.1 views

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00575EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/26 1:40 p.m.25 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.0052EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/25 11:36 a.m.3 views

CVE-2026-23287

A flaw was found in the Linux kernel's irqchip/sifive-plic component. When an interrupt's affinity setting is changed while a hardware thread hart is still processing the interrupt, the Programmable Interrupt Controller PLIC may ignore the interrupt completion message. This can lead to the...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/24 6:1 p.m.4 views

CVE-2026-33417 Wallos: Password Reset Tokens Never Expire

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...

6.5CVSS5.7AI score0.00264EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/16 9:17 p.m.8 views

Admidio is Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

Summary The delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF token to callUrlHideElement, which includes it in the POST body, but the...

5.7CVSS6AI score0.0013EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:16 p.m.5 views

CVE-2026-30964

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowedorigins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...

5.4CVSS5.8AI score0.00197EPSS
Exploits1References4Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:16 a.m.2 views

CVE-2025-41759

An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

4.9CVSS5.8AI score0.0032EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 11:4 a.m.15 views

CVE-2026-1468

Product: QuickCMS. Vulnerability: Cross-Site Request Forgery (CSRF) across multiple endpoints. An attacker can lure a victim to a crafted site that automatically issues a POST request using the victim’s credentials. Root cause / vector: The software does not implement protections against CSRF on ...

5.1CVSS5.8AI score0.00222EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 10:16 p.m.6 views

CVE-2026-28484

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00049EPSS
Exploits0
CVE
CVE
added 2026/03/05 9:59 p.m.30 views

CVE-2026-28484

OpenClaw contains an option-injection vulnerability in the git-hooks/pre-commit hook in versions prior to 2026.2.15. The hook fails to use a -- separator when piping filenames through xargs to git add, enabling an attacker to inject git flags by supplying maliciously-named files beginning with da...

5.9AI score0.00049EPSS
Exploits0
Rows per page
Query Builder