124 matches found
CVE-2026-55461
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...
CVE-2026-55461 Snipe-IT: Open Redirect After User Edit
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...
CVE-2026-33803 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...
EUVD-2026-40417
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...
CVE-2026-58450 Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter
Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...
CVE-2026-58450 Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter
Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...
CVE-2026-58450
Invoice Ninja 5.13.26 contains an open redirect in the client portal login. An unauthenticated attacker can craft a login link with a malicious external URL in the intended parameter, which is stored in the user session without host validation and emitted verbatim via a bare redirect in ContactLo...
PT-2026-53994
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can perform a directory traversal to read worklist records from a directory outside the intended per-AE worklist storage area. In...
CVE-2026-11844
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope...
CVE-2026-0416
CVE-2026-0416 affects Netgear RAXE450 and RAXE500 routers. Authenticated administrators on the local network can modify router functionality beyond what is intended via the standard management interface. Documented CVSS shows adjacent access, high privileges, no user interaction, and integrity im...
CVE-2026-8336
After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...
Siemens APE1808 Improper Restriction of Communication Channel to Intended Endpoints (CVE-2025-22251)
An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...
CVE-2026-23664
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...
Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors
OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...
CVE-2026-27445
SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...
SEPPmail Secure Email Gateway 安全漏洞
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.1 contained security vulnerabilities. These vulnerabilities stemmed from improper verification of whether the PGP signature was...
ABC PRO EAP Legislator 路径遍历漏洞
ABC PRO EAP Legislator is a software developed by the Polish company ABC PRO, used for managing legislative processes and editing legal documents. ABC PRO EAP Legislator has a path traversal vulnerability; this vulnerability arises from the file extraction function’s ability to traverse paths,...
EUVD-2026-1833
Malicious code in dotenv-intended npm...
Malicious Package
Overview dotenv-intended is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-174 Malicious code in dotenv-intended (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 321eaa257985bd47bbf31b2f7ccdaef2df5b424b7b257400a48140ef6029e670 The package dotenv-intended was found to contain malicious code. Source: ghsa-malware df2195d5589f3e44d82053db7cd9ae186dfd168b35c9db8f97baa29f0c63612...