Lucene search
K

194 matches found

OSV
OSV
added 2026/07/02 8:4 p.m.3 views

CVE-2026-58467 Cockpit CMS 2.14.0 - Path Traversal Local File Inclusion via index.php

Cockpit CMS through 2.14.0 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATHINFO derived from REQUESTURI in filesystem path construction without containment checks...

8.2CVSS6.2AI score0.00406EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 8:4 p.m.24 views

CVE-2026-58467

Cockpit CMS prior to release 364 is affected by a path traversal and local file inclusion vulnerability. Unauthenticated attackers can craft a request (via the URL’s PATH_INFO in REQUEST_URI) to reach arbitrary files; if the resolved path ends with .php, it may be passed to include(), enabling lo...

8.2CVSS6.1AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:33 a.m.12 views

CVE-2026-7828

UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, win_log() allocates memory with malloc(sizeof(struct LIST) + strlen(line)); if strlen(line) is large, the size overflows to a value smaller than sizeof(struct ...

5.3CVSS6.2AI score0.01057EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.8 views

CVE-2026-7828 UltraVNC repeater integer overflow in win_log malloc leading to heap overflow

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the winlog function allocates list nodes via mallocsizeofstruct LIST + strlenline, where line is derived from HTTP request URIs. If strlenline is sufficiently large,...

5.3CVSS6.2AI score0.01057EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 6:40 p.m.4 views

GHSA-9C54-X2G4-V92J Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality

Impact An unauthenticated remote attacker can trigger unbounded memory growth on the timestamp authority server. This vulnerability exists because the global wrapMetrics middleware records the raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency a...

5.9CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 4:50 a.m.15 views

CVE-2026-54282

A flaw was found in Starlette, a lightweight Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.3.0, the HTTP request path was not properly validated when reconstructing the request.url. A remote attacker could craft a malicious HTTP request path that does not begin with a...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.7 views

keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.7AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 4:16 p.m.37 views

CVE-2026-9800 Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS0.00301EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Splunk SOAR 安全漏洞

Splunk SOAR is a security orchestration, automation, and response platform provided by Splunk Inc. Versions of Splunk SOAR prior to 8.5.0 contained a security vulnerability. This vulnerability stemmed from SOAR failing to strip control characters from the HTTP request path before writing...

4.3CVSS5.3AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:47 p.m.3 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS6AI score0.00172EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.34 views

CVE-2026-39170

SemCms 5.0 is vulnerable to Cross Site Request Forgery CSRF via crafted POST request to /admin/semcmsuser.php...

0.00107EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:27 p.m.8 views

GHSA-W342-MJ6G-V9C4 Klever-Go KVM: Hash-array amplification in P2P resolver request handling

Summary A connected peer can send a compressed RequestDataTypeHashArrayType direct request that is only 442 bytes on the wire but expands into 200000 decoded hash entries inside the resolver path. On klever-go v1.7.17, this allows remote memory and CPU amplification against nodes that accept P2P...

7.5CVSS5.5AI score0.0005EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 1:16 p.m.21 views

CVE-2026-9658

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

7.3CVSS0.00226EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 11:36 a.m.16 views

CVE-2026-9658 Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

5.8AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

Heimdall 安全漏洞

Heimdall is an open-source application panel and launcher developed by LinuxServer.io. Versions of Heimdall prior to 0.17.14 contained security vulnerabilities. These vulnerabilities stemmed from the use of the original request path for rule matching. Downstream components might normalize the que...

7.8CVSS5.8AI score0.00368EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:2 a.m.13 views

CoreDNS DoH GET path missing size validation causes CPU and memory amplification

...

8.7CVSS5.8AI score0.00672EPSS
Exploits1
OSV
OSV
added 2026/04/28 10:43 p.m.7 views

GHSA-63CW-R7XF-JMWR CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification

Summary CoreDNS's DNS-over-HTTPS DoH GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...

8.7CVSS5.6AI score0.00672EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which stems from the handling of parameter ID...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 7:21 p.m.3 views

CVE-2026-40878 mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

2.1CVSS6AI score0.00805EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

mailcow: dockerized 跨站脚本漏洞

mailcow: dockerized is a Dockerized version of the mailcow open-source application. Versions before 2026-03b of mailcow had a cross-site scripting vulnerability. This vulnerability stemmed from the Web interface passing the original $SERVERREQUESTURI as a global template variable to Twig, and...

2.1CVSS5.6AI score0.00805EPSS
Exploits0References2
Rows per page
Query Builder