Lucene search
+L

74 matches found

Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-46341 Apify MCP server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...

6.1CVSS0.00194EPSS
Exploits0References4
CVE
CVE
added 3 days ago27 views

CVE-2026-46341

CVE-2026-46341 affects Apify MCP Server prior to v0.9.21, where fetch-apify-docs.ts validates allowed domains with a startsWith() check instead of proper hostname comparison, enabling attacker-controlled subdomains (e.g., https://docs.apify.com.evil.com/ or https://[email protected]/) to pa...

6.1CVSS6.2AI score0.00194EPSS
Exploits0References4
OSV
OSV
added 3 days ago7 views

CVE-2026-46341 Apify MCP server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...

6.1CVSS6.2AI score0.00194EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 12:56 p.m.10 views

CVE-2026-56015

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

6AI score0.00537EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/23 5:55 p.m.11 views

CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

5.4CVSS5.9AI score0.00144EPSS
Exploits1
OSV
OSV
added 2026/06/16 2:37 p.m.7 views

GHSA-529G-XQ4F-CW38 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

Summary @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as .example.com is converted to an optional subdomain regex, so the apex host matches....

5.3CVSS5.6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.13 views

EUVD-2026-36627

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS5.3AI score0.00265EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.16 views

CVE-2026-53839

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS0.00265EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.9 views

CVE-2026-53839 OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS5.3AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.23 views

PT-2026-49064

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description Public share handlers rebase the share owner's filesystem root to the shared directory and evaluate descendant paths against global and per-user rules using the rebased relative path instead of...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References6
OSV
OSV
added 2026/05/19 7:36 p.m.14 views

GHSA-GX7W-56W6-G48X Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching

AI Disclosure I used an LLM to help review the source code, reason about attack surface, and help draft and refine this report. I manually validated the finding by reproducing it locally, confirming the vulnerable code path, and verifying the HTTP behavior with curl -v. Summary Caddy's remote adm...

4.3CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-41964

Name of the Vulnerable Software and Affected Versions Caddy versions 2.4.0 through 2.11.2 Description An authorization-to-object mismatch exists in the remote admin functionality. The authorization layer uses string prefix matching, while the /config traversal layer parses array indices numerical...

5.4CVSS5.9AI score0.00144EPSS
Exploits1References12
Snyk
Snyk
added 2026/05/18 9:45 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the group subscription process. An attacker can gain unauthorized access to groups that were not intended to be accessible by creating groups with prefixes matching those of whitelisted groups. Remediation A...

5.3CVSS5.8AI score0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/18 7:0 a.m.9 views

CVE-2026-6342 Group prefix matching bypass for subscriptions

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.13 views

PT-2026-41647

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/02 6:44 p.m.6 views

Rack::Static prefix matching can expose unintended files under the static root

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/02 5:16 p.m.5 views

CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS0.00387EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 4:44 p.m.22 views

CVE-2026-34785

CVE-2026-34785 affects Rack (modular Ruby web server interface). Vulnerable component: Rack::Static. Issue: a simplistic string-prefix check for URL prefixes (e.g., "/css") causes matches on paths starting with that string, potentially serving files under the static root whose names merely share ...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 4:44 p.m.3 views

CVE-2026-34785 Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References1
OSV
OSV
added 2026/04/02 4:44 p.m.2 views

CVE-2026-34785 Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS6.9AI score0.00387EPSS
Exploits0References6
Rows per page
Query Builder