Lucene search
+L

393557 matches found

NVD
NVD
added 8 minutes ago0 views

CVE-2026-63096

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS
Exploits0References2
Cvelist
Cvelist
added 26 minutes ago0 views

CVE-2026-9588 Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

A stored cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997 within the voicemail notification template functionality. The submitmodifyvoicemailtemplate endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious...

7CVSS
Exploits0References2
Cvelist
Cvelist
added 27 minutes ago0 views

CVE-2026-9587 Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added 29 minutes ago0 views

CVE-2026-9585 Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS
Exploits0References2
Cvelist
Cvelist
added 55 minutes ago5 views

CVE-2026-63096 Dendrite 0.13.8 SSRF via Unauthenticated Legacy Media Download Endpoint

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS
Exploits0References2
CVE
CVE
added 55 minutes ago6 views

CVE-2026-63096 Dendrite 0.13.8 SSRF via Unauthenticated Legacy Media Download Endpoint

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS5.5AI score
Exploits0References2
NVD
NVD
added 1 hour ago4 views

CVE-2026-63094

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS
Exploits0References3
CVE
CVE
added 2 hours ago6 views

CVE-2026-63094

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS5.4AI score
Exploits0References3
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-63094 SigNoz 0.133.0 SSO OAuth State Manipulation Session Token Theft

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-45177

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS5.4AI score
Exploits0References3
GithubExploit
GithubExploit
added 3 hours ago7 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2026-43499 for realme RMX5200 CVE-2026-43499 local privil...

7.8CVSS5.3AI score0.00125EPSS
Exploits24
NVD
NVD
added 5 hours ago7 views

CVE-2026-59252

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS
Exploits0References4
OSV
OSV
added 6 hours ago5 views

EEF-CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Summary Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer fee\payer: true, the MPP.Methods.Tempo...

8.2CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added 6 hours ago10 views

CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS
Exploits0References4
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS5.8AI score
Exploits0References4
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-45160

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS5.8AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 hours ago4 views

CVE-2026-59252

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS5.9AI score
Exploits0References5Affected Software1
CVE
CVE
added 6 hours ago11 views

CVE-2026-59252

The CVE-2026-59252 entry describes a missing gas_limit validation in ZenHive mpp when configured as a fee payer (fee_payer: true). The MPP.Methods.Tempo payment method co-signs and broadcasts a client-supplied EVM transaction without ensuring the client-supplied gas_limit is sufficient, allowing ...

8.2CVSS5.9AI score
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 6 hours ago3 views

Security Bulletin: Multiple vulnerabilities in IBM Guardium Unified Discovery and Classification (GUDC) container images

Summary Security vulnerabilities have been addressed in the IBM Guardium Unified Discovery and Classification GUDC container images Vulnerability Details CVEID:CVE-2025-0167 DESCRIPTION: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password use...

9.3CVSS7.2AI score0.00723EPSS
Exploits7Affected Software1
NVD
NVD
added 10 hours ago4 views

CVE-2026-15094

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS
Exploits0References6
Rows per page
Query Builder