18 matches found

RedhatCVE
added 2026/06/06 6:43 p.m. · 15 views

CVE-2026-5411

The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

CVSS 8.8 · AI score 6.1 · EPSS 0.00449
Exploits: 0 · References: 1

ATTACKERKB
added 2026/06/05 6:31 p.m. · 5 views

CVE-2026-5411

The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

CVSS 8.8 · AI score 6.1 · EPSS 0.00449
Exploits: 0 · References: 3

NVD
added 2026/05/28 7:16 p.m. · 10 views

CVE-2026-47136

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

CVSS 6.9 · EPSS 0.0031
Exploits: 0 · References: 1

CVE
added 2026/05/28 6:41 p.m. · 21 views

CVE-2026-46685

RustFS 1.0.0-beta.2 fixes a CORS bug in the S3 listener. Before the fix, if RUSTFS_CORS_ALLOWED_ORIGINS is unset, ConditionalCorsLayer would echo any Origin back as Access-Control-Allow-Origin and set Access-Control-Allow-Credentials: true and Access-Control-Allow-Headers: *, including preflight ...

CVSS 6 · AI score 5.8 · EPSS 0.00108
Exploits: 0 · References: 1

Cvelist
added 2026/05/28 6:41 p.m. · 35 views

CVE-2026-46685 RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...

CVSS 6 · EPSS 0.00108
Exploits: 0 · References: 1

Vulnrichment
added 2026/05/28 6:41 p.m. · 6 views

CVE-2026-46685 RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...

CVSS 6 · AI score 5.8 · EPSS 0.00108
Exploits: 0 · References: 1

EUVD
added 2026/05/28 6:30 p.m. · 11 views

EUVD-2026-32993

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

CVSS 6.9 · AI score 5.8 · EPSS 0.0031
Exploits: 0 · References: 1

Cvelist
added 2026/05/28 6:30 p.m. · 30 views

CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

CVSS 6.9 · EPSS 0.0031
Exploits: 0 · References: 1

Vulnrichment
added 2026/05/28 6:30 p.m. · 12 views

CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

CVSS 6.9 · AI score 5.8 · EPSS 0.0031
Exploits: 0 · References: 1

CVE
added 2026/05/28 6:30 p.m. · 18 views

CVE-2026-47136

CVE-2026-47136 affects RustFS, a distributed object storage system written in Rust. The issue is an unauthenticated exposure of license metadata via the console endpoint GET /rustfs/console/license, which is accessible to any client that can reach the console listener and returns JSON containing ...

CVSS 6.9 · AI score 5.8 · EPSS 0.0031
Exploits: 0 · References: 1

OpenVAS
added 2026/03/23 12:0 a.m. · 3 views

Fedora: Security Advisory (FEDORA-2026-0f099ed388)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 5.8 · EPSS 0.00479
Exploits: 1 · References: 5

Tenable Nessus
added 2026/03/22 12:0 a.m. · 5 views

Fedora 42 : python-ujson (2026-0f099ed388)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0f099ed388 advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling...

CVSS 7.5 · AI score 6.1 · EPSS 0.00479
Exploits: 1 · References: 3

Tenable Nessus
added 2026/03/21 12:0 a.m. · 4 views

Fedora 43 : python-ujson (2026-bf741e26e4)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bf741e26e4 advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling...

CVSS 7.5 · AI score 6.1 · EPSS 0.00479
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2021-14414

Malware in sbrugna...

CVSS 5.3 · AI score 5.3 · EPSS 0.01043
Exploits: 0 · References: 3

OSV
added 2024/03/06 11:11 a.m. · 23 views

BIT-VAULT-2021-27668

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3...

CVSS 5.3 · AI score 5.4 · EPSS 0.01043
Exploits: 0 · References: 3

Cvelist
added 2021/08/31 5:1 p.m. · 19 views

CVE-2021-27668

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3...

AI score 5.9 · EPSS 0.01043
Exploits: 0 · References: 2

Positive Technologies
added 2021/08/31 12:0 a.m. · 4 views

PT-2021-17594 · Hashicorp · Hashicorp Vault Enterprise

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2 Description: The issue allows the read of license metadata from DR secondaries without authentication. Recommendations: For HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2, updat...

CVSS 5.3 · AI score 5 · EPSS 0.01043
Exploits: 0 · References: 6

CNNVD
added 2021/08/31 12:0 a.m. · 4 views

HashiCorp Vault Access Control Error Vulnerability

Hashicorp HashiCorp Vault is a private key access management tool from the US-based Hashicorp. An Access Control Error vulnerability exists in HashiCorp Vault Enterprise that stems from the product's lack of privilege validation when reading license metadata from DR secondaries. An attacker could...

CVSS 5.3 · AI score 5.8 · EPSS 0.01043
Exploits: 0 · References: 3