Lucene search
K

52580 matches found

NVD
NVD
added 2026/05/26 10:16 p.m.12 views

CVE-2026-44985

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

9.6CVSS0.00195EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/26 9:58 p.m.9 views

EUVD-2026-32017

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

8.7CVSS5.8AI score0.00195EPSS
Exploits1References2
NVD
NVD
added 2026/05/26 7:16 p.m.19 views

CVE-2026-8890

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8CVSS0.0049EPSS
Exploits0References5
NVD
NVD
added 2026/05/26 6:16 p.m.16 views

CVE-2026-47202

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 6:16 p.m.12 views

CVE-2026-41164

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS0.00076EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 5:35 p.m.19 views

CVE-2026-41164

The CVE concerns nuts-node, the reference implementation of the Nuts spec. Prior to versions 6.2.3 (and 5.4.31 for the 5.x branch), the v1 access token introspection endpoint (/auth/v1/introspect_access_token) validates only standard JWTs, and does not enforce Nuts-specific checks such as JWT typ...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 5:30 p.m.47 views

CVE-2026-47202 Kavita: Pre-Auth Account Takeover

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 5:30 p.m.40 views

CVE-2026-47202

Kavita (cross‑platform reading server) before version 0.9.0.2 is affected by an improper token validation flaw that allows a remote, unauthenticated attacker to obtain a JWT for any user, including admins, given knowledge of the username. The issue stems from inadequate validation of tokens and i...

9.3CVSS5.7AI score0.00171EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/26 5:23 p.m.6 views

WordPress auto making JSON-LD plugin <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings vulnerability

Cross-Site Request Forgery to Plugin Certification Settings vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin auto making JSON-LD versions = 4.5.3...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/26 5:16 p.m.12 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.01252EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/05/26 4:49 p.m.37 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.01252EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/05/26 4:49 p.m.8 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.01252EPSS
Exploits2References5
CVE
CVE
added 2026/05/26 4:49 p.m.16 views

CVE-2026-44680

MikroORM is vulnerable to SQL injection via runtime-controlled identifiers and JSON-path keys. The root cause is improper escaping in the identifier-quoting helper (Platform.quoteIdentifier and PostgreSQL/MSSQL overrides) and in JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey)...

7.6CVSS6AI score0.01252EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:49 p.m.7 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.01252EPSS
Exploits2References6Affected Software3
EUVD
EUVD
added 2026/05/26 4:49 p.m.8 views

EUVD-2026-31893

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.01252EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2026/05/26 2:47 p.m.125 views

Exploit for CVE-2026-47668

CVE-2026-47668 DbGate Unauthenticated Remote Code Execution...

6.7AI score0.00336EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 2:34 p.m.18 views

Malicious code in chainix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d9609d2eac0c0ff33aed557171138930255798aa649fa648b04814c8cb1908 Package presents itself as a pino-compatible logger README badges link to pinojs/pino, exports alias module.exports.pino = middleware but its exporte...

6.4AI score
Exploits0References2
OSV
OSV
added 2026/05/26 2:34 p.m.5 views

MAL-2026-4817 Malicious code in chainix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d9609d2eac0c0ff33aed557171138930255798aa649fa648b04814c8cb1908 Package presents itself as a pino-compatible logger README badges link to pinojs/pino, exports alias module.exports.pino = middleware but its exporte...

6.4AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/26 12:59 p.m.12 views

Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

A flaw was found in the JsonAccessLogValve component of Apache Tomcat. This improper encoding or escaping of output vulnerability could allow an attacker to inject specially crafted data into log files. This could lead to information disclosure or other unintended consequences when the logs are...

7.5CVSS7AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 9:30 a.m.19 views

mysql: JSON unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References6
Rows per page
Query Builder