Lucene search
K

8285 matches found

Nuclei
Nuclei
added 16 hours ago372 views

Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)

An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. id: CVE-2012-3153 info: name: Oracle Forms &...

9.1CVSS6.9AI score0.98695EPSS
Exploits11References5
Nuclei
Nuclei
added 16 hours ago144 views

Oracle Business Intelligence - Path Traversal

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...

4.9CVSS6.4AI score0.37099EPSS
Exploits4References5
Nuclei
Nuclei
added 16 hours ago25 views

Next.js Middleware - Server-Side Request Forgery

In Next.js prior to versions 14.2.32 and 15.4.7, when request headerswere insecurely passed to NextResponse.next, an attacker could exploit this behavior to perform Server-Side Request Forgery SSRF attacks. id: CVE-2025-57822 info: name: Next.js Middleware - Server-Side Request Forgery author:...

8.2CVSS6.2AI score0.02328EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago133 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS7.1AI score0.59798EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago18 views

FastChat - Open Redirect

Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs. id: CVE-2024-10908 info: name: FastChat - Open Redirect author: DhiyaneshDK severity: medium description: | Detects an open redirect vulnerability in lm-sys/fastch...

6.1CVSS6.4AI score0.0077EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday249 views

Oracle WebLogic Server - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions...

9.8CVSS7.4AI score0.50224EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday71 views

Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting

The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2....

8.2CVSS7AI score0.3945EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday163 views

Oracle WebLogic Server Administration Console - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. id:...

9.8CVSS7.1AI score0.8883EPSS
Exploits11References5
NVD
NVD
added 2 days ago8 views

CVE-2026-56271

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS0.00396EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.3CVSS6.1AI score0.00396EPSS
Exploits0References4
CVE
CVE
added 2 days ago26 views

CVE-2026-56271

Flowise prior to 3.1.0 (versions

9.8CVSS6.1AI score0.00396EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43228

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS6.1AI score0.00396EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS0.00396EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57552

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description The enterprise passport authentication middleware in packages/server/src/enterprise/middleware/passport/index.ts uses weak hardcoded default secrets and values for audience and issuer. When the...

9.8CVSS6.1AI score0.00396EPSS
Exploits0References8
Nuclei
Nuclei
added 3 days ago143 views

Next.js Middleware Bypass

Next.js contains a critical middleware bypass vulnerability affecting versions 11.1.4 through 15.2.2. The vulnerability allows attackers to bypass middleware security controls by sending a specially crafted 'x-middleware-subrequest' header, which can lead to authorization bypass and other securit...

9.1CVSS6.8AI score0.99301EPSS
Exploits58References3
Nuclei
Nuclei
added 3 days ago64 views

Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...

7.4CVSS7AI score0.96281EPSS
Exploits9References5
EUVD
EUVD
added 4 days ago19 views

EUVD-2026-34067

morgan vulnerable to Log Forging via unneutralized control characters in :remote-user...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago10 views

CVE-2026-59152

A flaw was found in the LangSmith Client SDK's TracingMiddleware. An attacker can send an HTTP request to a server running the TracingMiddleware, causing it to read an arbitrary file from its local filesystem. The contents of this file are then uploaded to LangSmith as a trace attachment. This...

5CVSS6.1AI score0.00174EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago10 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42775

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7
Rows per page
Query Builder