Lucene search
K

406 matches found

EUVD
EUVD
added 2026/06/26 7:41 p.m.8 views

EUVD-2026-39855

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current block number bdblocknr. If they differ, the block is considered dead and...

5.8AI score0.00121EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 6:18 p.m.12 views

CVE-2026-54006

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/eventid/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar...

4.3CVSS0.00179EPSS
Exploits1References1
CVE
CVE
added 2026/06/18 9:18 p.m.23 views

CVE-2026-8100

CVE-2026-8100 affects Chef 360. The issue arises from improper handling of URL-encoded paths during request processing, allowing an authenticated request to bypass standard access controls and access higher-privilege API endpoints under certain conditions. Impact is deployment/configuration depen...

9.4CVSS5.2AI score0.00401EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50803

Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.1 Description Improper handling of URL-encoded paths during request processing can allow unauthorized access to protected API endpoints. An authenticated request may bypass standard access controls to gain...

9.4CVSS5.9AI score0.00401EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/06/10 12:0 a.m.2 views

The vulnerability in the built-in reverse proxy server of the Go programming language allows a hacker to perform an SSRF attack.

The vulnerability of the built-in reverse proxy server in the Go programming language is related to insufficient checking of requests on the server side. Exploiting this vulnerability allows a remote attacker to perform an SSRF attack...

5.3CVSS5.8AI score0.0039EPSS
Exploits0References6Affected Software2
Snyk
Snyk
added 2026/06/04 2:21 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust server resource...

7.5CVSS5.5AI score0.0063EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the fact that HTTP request blocks and code blocks validated the initial request URL using validateHttpReqUrl. However...

7.7CVSS5.9AI score0.00239EPSS
Exploits0References2
Redos
Redos
added 2026/05/07 12:0 a.m.11 views

ROS-20260507-73-0005

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

6.5CVSS5.8AI score0.0031EPSS
Exploits0
Snyk
Snyk
added 2026/04/02 6:19 p.m.7 views

Improper Validation of Syntactic Correctness of Input

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

6.5CVSS5.9AI score0.00192EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.11 views

CVE-2026-32857

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

8.6CVSS5.9AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.7 views

CVE-2017-20221

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

5.3CVSS6.1AI score0.00286EPSS
Exploits2References1
Redos
Redos
added 2026/03/19 12:0 a.m.4 views

ROS-20260319-73-0032

Vulnerability in glpi related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an ssrf attack...

9.1CVSS5.9AI score0.00317EPSS
Exploits0
EUVD
EUVD
added 2026/03/18 2:50 a.m.5 views

EUVD-2026-12749

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 1:28 a.m.6 views

CVE-2017-20221 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

5.3CVSS6.1AI score0.00286EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/03/16 1:28 a.m.4 views

CVE-2017-20221

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

6.1AI score0.00286EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25739

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

5.3CVSS6.1AI score0.00286EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.6 views

CVE-2026-20069

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...

4.3CVSS5.8AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/03/04 6:16 p.m.8 views

CVE-2026-20069

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...

4.3CVSS0.00273EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 5:51 p.m.2 views

CVE-2026-20069 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...

4.3CVSS5.8AI score0.00273EPSS
Exploits0References1
Cisco
Cisco
added 2026/03/04 4:0 p.m.10 views

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...

4.3CVSS5.8AI score0.00273EPSS
Exploits0References1
Rows per page
Query Builder