Lucene search
K

172 matches found

Nuclei
Nuclei
added 3 days ago94 views

Apache APISIX - Remote Code Execution

A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.3AI score0.96182EPSS
Exploits16References5
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42680

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...

5.9CVSS6AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS0.00357EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-0282

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS6AI score0.00357EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42679

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS6AI score0.00357EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago11 views

Palo Alto Networks PAN-OS 11.1.x < 11.1.16 / 11.2.x < 11.2.13 / 12.1.x < 12.1.8 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 11.1.x prior to 11.1.16, 11.2.x prior to 11.2.13, or 12.1.x prior to 12.1.8. It is, therefore, affected by a vulnerability. An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticat...

7.1CVSS6.2AI score0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...

9.2CVSS0.00557EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53923

Name of the Vulnerable Software and Affected Versions Ocelot versions prior to 24.1.1 Description A security control bypass exists in the handling of WebSocket upgrade requests. The issue stems from a logic flaw in the OcelotPipelineExtensions.cs file, where a MapWhen branch configured for...

9.3CVSS6AI score0.00412EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/23 2:25 p.m.8 views

EUVD-2026-38451

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS5.9AI score0.00408EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 12:16 p.m.13 views

CVE-2026-34025

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS0.00283EPSS
Exploits1References2
CVE
CVE
added 2026/06/15 10:3 a.m.18 views

CVE-2026-34025

CVE-2026-34025 affects Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The login flow derives the client IP from the HTTP X-Forwarded-For header when present, bypassing IP-based access restrictions tied to a branch location. An attacker with valid branch credentials can manipu...

5.3CVSS5.4AI score0.00283EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49196

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS5.3AI score0.00283EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39409

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction does not canonicalize IPv4-mapped IPv6 client addresses e.g. ::ffff:127.0.0.1 before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause...

6.3CVSS5.4AI score0.00342EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 6:0 p.m.8 views

GHSA-XRHX-7G5J-RCJ5 Hono: IP Restriction bypasses static deny rules for non-canonical IPv6

Summary The ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule — such as compressed forms,...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46873

Summary The ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule — such as compressed forms,...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.12 views

CVE-2026-47674

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 6:24 p.m.11 views

Incorrect Regular Expression

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Incorrect Regular Expression via the ip-restriction middleware. An attacker can bypass configured deny rules for IPv6 addresses by submitting non-canonical representations, such as...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 5:16 p.m.22 views

CVE-2026-47674

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

5.3CVSS0.00244EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.39 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. An authentication bypass vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with...

9.2CVSS5.8AI score0.0044EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.16 views

CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

9.8CVSS6.4AI score0.32074EPSS
Exploits6References1
Rows per page
Query Builder