Lucene search
K

689 matches found

Nuclei
Nuclei
added 2 days ago178 views

Change Detection - Server Side Template Injection

A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. id: CVE-2024-32651 info: name: Change Detection - Server Side Template Injection author: edoardottt severity: critical description: | A Server...

10CVSS7.1AI score0.83722EPSS
Exploits5References4
NVD
NVD
added 5 days ago5 views

CVE-2026-57221

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...

5.3CVSS0.00271EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-15146

A flaw was found in Wget. When operating in FTP passive mode, Wget fails to validate the IP address provided in an FTP PASV response. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this vulnerability to redirect Wget's data connection to an arbitrary IP addres...

5.9CVSS6.1AI score0.00121EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57221 RabbitMQ: Passive queue/exchange declaration bypasses authorization checks, leaking queue metadata to unprivileged users

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...

5.3CVSS0.00271EPSS
Exploits1References6
OSV
OSV
added 5 days ago2 views

CVE-2026-57221 RabbitMQ: Passive queue/exchange declaration bypasses authorization checks, leaking queue metadata to unprivileged users

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...

5.3CVSS6.1AI score0.00271EPSS
Exploits1References8
CVE
CVE
added 5 days ago57 views

CVE-2026-57221

RabbitMQ vulnerability CVE-2026-57221 affects passive queue.declare and exchange.declare operations in AMQP 0-9-1. Prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6, authenticated users who can connect to a virtual host could enumerate queue and exchange names and read queue message and consum...

5.3CVSS6.1AI score0.00271EPSS
Exploits1References6Affected Software1
NVD
NVD
added 5 days ago8 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-15146 CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

0.00121EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42980

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References2
CVE
CVE
added 5 days ago23 views

CVE-2026-15146

GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57306

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description RabbitMQ fails to perform authorization checks on passive queue.declare and exchange.declare AM...

5.3CVSS6.1AI score0.00271EPSS
Exploits1References10
EUVD
EUVD
added last week4 views

EUVD-2026-42317

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS5.9AI score0.00413EPSS
Exploits0References4
Cvelist
Cvelist
added last week40 views

CVE-2026-42505 Invoking Encrypted Client Hello privacy leak in crypto/tls

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

0.00413EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56479

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Handshakes using Encrypted Client Hello ECH, a mechanism designed to encrypt the initial handshake of a TLS connection to protect client privacy, could be...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References28
CVE
CVE
added 2026/06/30 11:5 a.m.15 views

CVE-2026-57082

The CVE-2026-57082 issue affects Net::BitTorrent for Perl (up to version 2.0.1). The MSE handshake derives its 160-bit Diffie-Hellman private key from Perl’s rand(), a non-cryptographic PRNG seeded once per process, via KeyExchange.pm. As a result, the shared secret and the RC4 keys (SHA-1("keyA"...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 11:5 a.m.7 views

EUVD-2026-40291

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 11:5 a.m.6 views

CVE-2026-57082

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 11:5 a.m.33 views

CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

0.00152EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.19 views

VMware vCenter Server - Out-of-Bounds Write

vCenter Server contains an out-of-bounds write caused by a vulnerability in the DCERPC protocol implementation. A malicious actor with network access can trigger remote code execution on vCenter Server. id: CVE-2023-34048 info: name: VMware vCenter Server - Out-of-Bounds Write author: ritikchaddh...

9.8CVSS8.1AI score0.99428EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: Added an seqadj extension for natted connections. Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. This is due to the need to rewrite the packet payload IP, port on the ftp control...

5.9AI score0.00173EPSS
Exploits0References2
Rows per page
Query Builder