Lucene search
+L

5333 matches found

CVE
CVE
added 2 days ago9 views

CVE-2026-62314

Anubis Web AI Firewall Utility vulnerable in versions 1.22.0–1.26.0-pre1 due to PathChecker.Check() trusting the client-controlled X-Original-URI header before r.URL.Path, enabling bypass of the challenge via ALLOW rules (e.g., ^/.well-known/.*$). A fixed release is 1.26.0-pre1; upgrade to mitiga...

5.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Circl
Circl
added 3 days ago4 views

CVE-2026-56164

creationtimestamp| type| source ---|---|--- 2026-07-14 18:00:28+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/668b2838-95c6-4ab3-abc0-8c35823f659e 2026-07-14 18:20:38+00:00| seen| https://bsky.app/profile/cvesentinel.bsky.social/post/3mqmt3pfil62x...

9.8CVSS6.3AI score0.05601EPSS
Exploits0References57
CVE
CVE
added 3 days ago48 views

CVE-2026-15719

The CVE-2026-15719 entry refers to Firefox Site isolation in the DOM: Navigation component. Publicly disclosed exploit code exists, but none are documented as in-the-wild attacks in the provided sources. Affected software is Firefox; the vulnerability was fixed in Firefox 152.0.6. The Mozilla adv...

5.4CVSS6.1AI score0.00133EPSS
Exploits0References2Affected Software1
NVD
NVD
added 4 days ago8 views

CVE-2026-58065

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS0.00461EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43499

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

0.00461EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/10 3:20 a.m.4 views

SUSE CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.4CVSS6.2AI score0.00574EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/07/09 9:59 p.m.31 views

CVE-2026-45788 Discourse: Secure uploads exposed by hotlinked image copying

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pullhotlinkedimages when an attacker knew the secured upload URL and the secureuploads site setting was enabled. This issue is fixed in versions 2026.6.0,...

6.3CVSS0.00465EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - freerdp2 - None freerdp3 - None Ubuntu Linux - Heap-buffer-overflow write in AVC444 YUV buffer allocation CVE-2026-55191 Note that Nessus relies ...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-2007 vantage6 collaboration admins can extend their influence by expanding the collaboration

Impact Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other...

2.7CVSS6AI score0.00316EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/07 3:7 a.m.4 views

EUVD-2026-41988

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS6AI score0.00146EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/06 7:19 p.m.5 views

CVE-2026-9547

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS5.8AI score0.00508EPSS
Exploits1References6
OSV
OSV
added 2026/07/06 6:1 p.m.8 views

RLSA-2026:35833 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986...

8.7CVSS6.8AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-58214

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58214 Note that Nessus relies on the presence of the package as reported by the...

4.3CVSS6AI score0.00349EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/03 8:18 a.m.9 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CURLOPTSSHKEYFUNCTION process. An attacker can intercept or manipulate data by presenting a server host key type that does not match the recorded key type in the knownhosts file, which is improperl...

8.3CVSS6AI score0.00508EPSS
Exploits1References2
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00508EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.8 views

CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS0.00508EPSS
Exploits1References3
NVD
NVD
added 2026/07/03 7:16 a.m.11 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS0.00574EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 6:18 a.m.4 views

CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6.1AI score0.00508EPSS
Exploits1References5
Rows per page
Query Builder