Lucene search
K

2103 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 9:16 p.m.11 views

Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms

Summary The remediation shipped in mailpit v1.29.2 for GHSA-mpf7-p9x7-96r3 CVE-2026-27808 is incomplete. The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers IsLoopback, IsPrivate, IsLinkLocalUnicast, IsLinkLocalMulticast, IsUnspecified, IsMulticast plus an inline CGNAT...

5.8CVSS6AI score
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/19 6:32 p.m.21 views

CVE-2026-12238

The WP Go Maps WordPress plugin (up to version 10.1.01) is vulnerable to an authorization bypass that allows unauthenticated attackers to create arbitrary records in plugin tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-bac...

5.3CVSS6AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51096

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.2 Description An incomplete Server-Side Request Forgery SSRF protection exists in the Link Check API. The tools.IsInternalIP deny-list in internal/tools/net.go fails to block certain IPv6 transition mechanisms an...

5.8CVSS6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/18 9:28 p.m.7 views

MGASA-2026-0226 Updated ruby-rack packages fix security vulnerabilities

CVE-2026-26961 Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230 Quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header. CVE-2026-34763 Root...

7.5CVSS5.2AI score0.00475EPSS
Exploits2References14
OSV
OSV
added 2026/06/17 8:36 a.m.4 views

SUSE-SU-2026:22145-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499. - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Changes for...

8.6CVSS6.1AI score0.00868EPSS
Exploits0References7
OSV
OSV
added 2026/06/16 2:45 p.m.5 views

USN-8434-1 nova vulnerability

It was discovered that Nova did not strip internal nova-prefixed scheduler hints supplied by users on instance creation. An attacker could possibly use this issue to bypass Placement resource claims and scheduling constraint enforcement...

8.5CVSS5.4AI score0.00272EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.11 views

SUSE CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

8.2CVSS5.3AI score0.00496EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49733

Name of the Vulnerable Software and Affected Versions serve-static affected versions not specified Description On Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. Because the router splits paths only on /, a request su...

5.9CVSS5.8AI score0.00292EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50078

Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...

4.2CVSS5.9AI score0.00216EPSS
Exploits0References6
OSV
OSV
added 2026/06/15 4:36 p.m.7 views

GHSA-7C78-JF6Q-G5CM tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template

Summary The assertPath guard added to [email protected] rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'..' returns falsy but whose stringification still contains ../...

8.2CVSS5.6AI score0.00496EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/15 3:16 p.m.8 views

Modification of Assumed-Immutable Data

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

8.6CVSS6.1AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36627

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS5.3AI score0.00265EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.16 views

CVE-2026-53839

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS0.00265EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.9 views

CVE-2026-53839 OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS5.3AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:57 p.m.22 views

CVE-2026-53839

OpenClaw before 2026.5.7 has a hostname validation flaw in the retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. This can enable an attacker to craft a hostname prefix that resembles a trusted host, potentially causing authentication material to be sent to u...

6.5CVSS5.3AI score0.00265EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:57 p.m.34 views

CVE-2026-53839 OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS0.00265EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:3 p.m.16 views

CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

9.1CVSS5.2AI score0.00451EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 9:3 p.m.258 views

CVE-2026-53519

Nezha Monitoring prior to v2.0.13 is affected by a path-traversal in the dashboard NoRoute handler. The code uses strings.HasPrefix on URLs that start with /dashboard, so an input like /dashboard../data/config.yaml is accepted; trimming the prefix yields ../data/config.yaml and path.Join("admin-d...

9.1CVSS5.3AI score0.00451EPSS
Exploits1References1
OSV
OSV
added 2026/06/12 9:0 p.m.14 views

GHSA-5WW9-JG6Q-38R7 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

Summary A low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose...

7.2CVSS5.5AI score0.00411EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/12 9:0 p.m.15 views

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

Summary A low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose...

7.2CVSS5.5AI score0.00411EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder