Lucene search
+L

124 matches found

NVD
NVD
added last week8 views

CVE-2026-55461

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...

6.1CVSS0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added last week31 views

CVE-2026-55461 Snipe-IT: Open Redirect After User Edit

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...

6.1CVSS0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/09 9:4 p.m.38 views

CVE-2026-33803 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...

6.9CVSS0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40417

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS5.7AI score0.00374EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 9:7 p.m.39 views

CVE-2026-58450 Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/30 9:7 p.m.6 views

CVE-2026-58450 Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 9:7 p.m.16 views

CVE-2026-58450

Invoice Ninja 5.13.26 contains an open redirect in the client portal login. An unauthenticated attacker can craft a login link with a malicious external URL in the intended parameter, which is stored in the user session without host validation and emitted verbatim via a bare redirect in ContactLo...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53994

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can perform a directory traversal to read worklist records from a directory outside the intended per-AE worklist storage area. In...

8.8CVSS5.8AI score0.00374EPSS
Exploits0References7
NVD
NVD
added 2026/06/12 10:16 a.m.15 views

CVE-2026-11844

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope...

6.9CVSS0.00407EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 3:50 p.m.18 views

CVE-2026-0416

CVE-2026-0416 affects Netgear RAXE450 and RAXE500 routers. Authenticated administrators on the local network can modify router functionality beyond what is intended via the standard management interface. Documented CVSS shows adjacent access, high privileges, no user interaction, and integrity im...

6.8CVSS5.4AI score0.0018EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/13 4:17 a.m.11 views

CVE-2026-8336

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.5 views

Siemens APE1808 Improper Restriction of Communication Channel to Intended Endpoints (CVE-2025-22251)

An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...

5.3CVSS5.8AI score0.00337EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 6:18 p.m.7 views

CVE-2026-23664

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.00997EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.4 views

Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors

OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...

5.9AI score
Exploits0
NVD
NVD
added 2026/03/04 9:15 a.m.11 views

CVE-2026-27445

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...

6.9CVSS0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.9 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.1 contained security vulnerabilities. These vulnerabilities stemmed from improper verification of whether the PGP signature was...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.7 views

ABC PRO EAP Legislator 路径遍历漏洞

ABC PRO EAP Legislator is a software developed by the Polish company ABC PRO, used for managing legislative processes and editing legal documents. ABC PRO EAP Legislator has a path traversal vulnerability; this vulnerability arises from the file extraction function’s ability to traverse paths,...

8.6CVSS5.8AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/09 2:55 a.m.6 views

EUVD-2026-1833

Malicious code in dotenv-intended npm...

6.6AI score
Exploits0References1
Snyk
Snyk
added 2026/01/09 2:55 a.m.3 views

Malicious Package

Overview dotenv-intended is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2026/01/09 2:55 a.m.8 views

MAL-2026-174 Malicious code in dotenv-intended (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 321eaa257985bd47bbf31b2f7ccdaef2df5b424b7b257400a48140ef6029e670 The package dotenv-intended was found to contain malicious code. Source: ghsa-malware df2195d5589f3e44d82053db7cd9ae186dfd168b35c9db8f97baa29f0c63612...

6.8AI score
Exploits0References1
Rows per page
Query Builder