Lucene search
+L

191 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-59153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its...

2.1CVSS6.1AI score0.00181EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/07 9:11 p.m.7 views

CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/07 9:11 p.m.22 views

CVE-2026-59153 Anki's local HTTP server does not sufficiently validate requests

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS0.00181EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:11 p.m.7 views

CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/30 5:16 p.m.19 views

CVE-2026-58169

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...

7.7CVSS0.00286EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 5:49 a.m.6 views

BIT-NODE-MIN-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6AI score0.00154EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS5.7AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 10:31 p.m.12 views

CVE-2026-48936

A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the --allow-net permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or...

3.3CVSS5.6AI score0.00154EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/26 8:13 p.m.18 views

Exposed Dangerous Method or Function

Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the local HTTP server's permissive CORS policy, which sends...

6CVSS6.1AI score0.00812EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS0.00154EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/26 1:14 a.m.11 views

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0
CVE
CVE
added 2026/06/26 1:14 a.m.34 views

CVE-2026-48936

CVE-2026-48936: A flaw in the Node.js Permission API can cause a local server to start via a Unix domain socket without the --allow-net permission, affecting the Node.js 26 release line. Connected sources indicate this has been fixed in the nodejs26-26.3.1-1.1 package (openSUSE Tumbleweed) and re...

3.3CVSS6.6AI score0.00154EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.10 views

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 1:14 a.m.1 views

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6.3AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 1:14 a.m.11 views

EUVD-2026-39611

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 10:10 p.m.20 views

Anki's local HTTP server does not sufficiently validate requests

Summary Anki launches a local HTTP server to serve media files and web pages for parts of its interface. While the server has a CORS setup, requests from other origins were not blocked, allowing malicious websites to potentially trigger side-effecting requests. Browser impact The severity varies ...

2.1CVSS6.1AI score0.00181EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/19 10:10 p.m.20 views

GHSA-869J-R97X-HX2G Anki's local HTTP server does not sufficiently validate requests

Summary Anki launches a local HTTP server to serve media files and web pages for parts of its interface. While the server has a CORS setup, requests from other origins were not blocked, allowing malicious websites to potentially trigger side-effecting requests. Browser impact The severity varies ...

8.7CVSS6.1AI score0.00181EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.7 views

PT-2026-56267

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.3 Description Anki launches a local HTTP server to serve media files and web pages for its interface. The server does not sufficiently block requests from other origins, allowing a malicious website to trigger...

8.7CVSS6.1AI score0.00181EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.11 views

CVE-2026-8706

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

6.5CVSS5.6AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.14 views

CVE-2026-42073

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter...

6.5CVSS5.4AI score0.00219EPSS
Exploits1References1
Rows per page
Query Builder