Lucene search
K

6 matches found

OSV
OSV
added 2026/04/14 8:1 p.m.5 views

GHSA-6QVV-PJ99-48QM @adonisjs/http-server has an Open Redirect vulnerability

Impact The response.redirect.back method in @adonisjs/http-server is vulnerable to open redirects. The method reads the Referer header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the Referer header for example, by linking a...

6.1CVSS5.7AI score0.00248EPSS
Exploits0References6
OSV
OSV
added 2026/03/25 11:40 p.m.3 views

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

6.1CVSS6AI score0.00271EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/24 6:18 p.m.21 views

CVE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...

8.7CVSS0.00452EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/11 9:11 p.m.13 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to...

7.5CVSS6AI score0.02818EPSS
Exploits0References5Affected Software12
OSV
OSV
added 2025/11/29 3:6 a.m.10 views

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

8.7CVSS7AI score0.00241EPSS
Exploits0References3
NVD
NVD
added 2025/11/26 11:15 p.m.10 views

CVE-2025-64333

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions...

7.5CVSS0.00278EPSS
Exploits0References1
Rows per page
Query Builder