Lucene search
+L

1157 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/06 3:0 a.m.7 views

CVE-2026-14792

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS6.1AI score0.00366EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55855

Name of the Vulnerable Software and Affected Versions Formbricks version 5.0.0 Description Improper access controls exist within the Survey Handler component, specifically affecting a function in the apps/web/modules/survey/link/actions.ts file. This flaw allows for remote exploitation...

6.9CVSS6.7AI score0.00366EPSS
Exploits0References12
OSV
OSV
added 2026/07/02 11:0 a.m.3 views

CGA-FV49-J265-MMRC

Bulletin has no description...

5.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.10 views

Malicious code in @marketfront/bannerpopup (npm)

The @marketfront/bannerpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.8 views

MAL-2026-6768 Malicious code in @marketfront/blenderdevtool (npm)

The @marketfront/blenderdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
NVD
NVD
added 2026/06/30 2:16 p.m.8 views

CVE-2026-14178

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS0.00351EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

FreeBSD : rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation (0f3342e3-73ba-11f1-910d-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0f3342e3-73ba-11f1-910d-3c7c3fba4204 advisory. https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/27 1:12 a.m.7 views

[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-11.fc44

NGINX module for Brotli compression...

9.2CVSS7AI score0.03552EPSS
Exploits4
Snyk
Snyk
added 2026/06/24 9:17 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webhook delivery process. An attacker can access internal network resources by supplying a webhook URL that follows redirects to hostnames within restricted local address ranges. Remediation Upgra...

8.8CVSS7.2AI score0.00402EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:16 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process. An attacker can access internal resources and exfiltrate sensitive repository contents by submitting a crafted URL that redirects to an internal endpoint during...

8.7CVSS6AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:16 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process. An attacker can access internal resources and exfiltrate sensitive repository contents by submitting a crafted URL that redirects to an internal endpoint during...

8.7CVSS6AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 9:16 p.m.4 views

UBUNTU-CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6AI score0.00338EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:29 p.m.5 views

CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 8:29 p.m.7 views

CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:29 p.m.13 views

EUVD-2026-39080

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 7:17 p.m.12 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS0.00701EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:52 p.m.6 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS6AI score0.00701EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 5:52 p.m.39 views

CVE-2026-49980 Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS0.00701EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/24 5:52 p.m.12 views

CVE-2026-49980 Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS6AI score0.00701EPSS
Exploits0References1
Rows per page
Query Builder