Lucene search
K

52627 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

RHEL 10 : ruby4.0 (RHSA-2026:20606)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20606 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and ...

9.1CVSS6.2AI score0.01131EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.8 views

AlmaLinux 9 : ruby:4.0 (ALSA-2026:20596)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20596 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...

9.1CVSS6.8AI score0.01131EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 11:38 p.m.8 views

GHSA-9RFG-V8G9-9367 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

As told on Discord earlier, multiple projects are affected, and we would like to coordinate. For now, we are aiming at a May 6th release date, but this is not set in stone yet. Summary An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify...

7CVSS5.4AI score0.00171EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/26 11:38 p.m.12 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview @fedify/fedify is an An ActivityPub server framework Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through manipulation of JSON-LD document structure using keywords such as @graph, @included, and @reverse. An attacker can alter...

8.3CVSS5.9AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 10:16 p.m.12 views

CVE-2026-44985

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

9.6CVSS0.00195EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/26 9:58 p.m.9 views

EUVD-2026-32017

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

8.7CVSS5.8AI score0.00195EPSS
Exploits1References2
NVD
NVD
added 2026/05/26 7:16 p.m.19 views

CVE-2026-8890

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8CVSS0.0049EPSS
Exploits0References5
NVD
NVD
added 2026/05/26 6:16 p.m.16 views

CVE-2026-47202

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 6:16 p.m.12 views

CVE-2026-41164

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS0.00076EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 5:35 p.m.19 views

CVE-2026-41164

The CVE concerns nuts-node, the reference implementation of the Nuts spec. Prior to versions 6.2.3 (and 5.4.31 for the 5.x branch), the v1 access token introspection endpoint (/auth/v1/introspect_access_token) validates only standard JWTs, and does not enforce Nuts-specific checks such as JWT typ...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 5:30 p.m.40 views

CVE-2026-47202

Kavita (cross‑platform reading server) before version 0.9.0.2 is affected by an improper token validation flaw that allows a remote, unauthenticated attacker to obtain a JWT for any user, including admins, given knowledge of the username. The issue stems from inadequate validation of tokens and i...

9.3CVSS5.7AI score0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 5:30 p.m.47 views

CVE-2026-47202 Kavita: Pre-Auth Account Takeover

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS0.00171EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/26 5:23 p.m.6 views

WordPress auto making JSON-LD plugin <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings vulnerability

Cross-Site Request Forgery to Plugin Certification Settings vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin auto making JSON-LD versions = 4.5.3...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/26 5:16 p.m.12 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.01252EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/05/26 4:49 p.m.37 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.01252EPSS
Exploits2References5
CVE
CVE
added 2026/05/26 4:49 p.m.16 views

CVE-2026-44680

MikroORM is vulnerable to SQL injection via runtime-controlled identifiers and JSON-path keys. The root cause is improper escaping in the identifier-quoting helper (Platform.quoteIdentifier and PostgreSQL/MSSQL overrides) and in JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey)...

7.6CVSS6AI score0.01252EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/05/26 4:49 p.m.9 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.01252EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:49 p.m.7 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.01252EPSS
Exploits2References6Affected Software3
EUVD
EUVD
added 2026/05/26 4:49 p.m.8 views

EUVD-2026-31893

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.01252EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2026/05/26 2:47 p.m.127 views

Exploit for CVE-2026-47668

CVE-2026-47668 DbGate Unauthenticated Remote Code Execution...

6.7AI score0.00336EPSS
Exploits1
Rows per page
Query Builder