Lucene search
K

121637 matches found

OSV
OSV
added 2026/04/23 2:28 p.m.11 views

GHSA-RHF7-WVW3-VJVM goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS

Summary The PUT upload handler httpserver/updown.go lacks the CSRF token validation that was added to the POST upload handler during the GHSA-jrq5-hg6x-j6g3 fix. Combined with the unconditional Access-Control-Allow-Origin: on the OPTIONS preflight handler httpserver/server.go, any website can wri...

6.5CVSS5.9AI score0.00165EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/23 1:45 p.m.6 views

CVE-2026-41461 SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers...

8.5CVSS5.9AI score0.00302EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/23 1:45 p.m.3 views

CVE-2026-41461

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers...

8.5CVSS5.9AI score0.00302EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/23 1:45 p.m.38 views

CVE-2026-41461 SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers...

8.5CVSS0.00302EPSS
Exploits1References3
NVD
NVD
added 2026/04/23 1:16 p.m.7 views

CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS0.00233EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 12:33 p.m.15 views

CVE-2025-66286

Technical details about CVE-2025-66286 are not publicly available in the provided documents. Monitor for updates from Red Hat, WebKitGTK, and WPE WebKit for affected products, versions, impact, and fixes.

4.7CVSS5.8AI score0.00233EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/23 12:33 p.m.4 views

CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS5.8AI score0.00233EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/23 12:33 p.m.34 views

CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS0.00233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/23 12:33 p.m.5 views

CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS5.8AI score0.00233EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/23 12:11 p.m.4 views

Security update for haproxy

This update for haproxy fixes the following issue: CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

6.3CVSS5.7AI score0.00297EPSS
Exploits1References4
OSV
OSV
added 2026/04/23 12:11 p.m.4 views

SUSE-SU-2026:1568-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103...

5.8CVSS5.3AI score0.00297EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 11:3 a.m.11 views

Security Bulletin: Vulnerability in libsoup affects IBM Netezza Appliance

Summary The libsoup package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVECVE-2025-14523 Vulnerability Details CVEID:CVE-2025-14523 DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last...

8.2CVSS5.8AI score0.00496EPSS
Exploits0Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/04/23 8:9 a.m.5 views

media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex

...

7.8CVSS5.2AI score0.00126EPSS
Exploits0
OSV
OSV
added 2026/04/23 8:9 a.m.8 views

OPENSUSE-SU-2026:20618-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

5.8CVSS5.2AI score0.00297EPSS
Exploits1References3
OSV
OSV
added 2026/04/23 8:6 a.m.5 views

SUSE-SU-2026:21353-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

5.8CVSS5.2AI score0.00297EPSS
Exploits1References4
OSV
OSV
added 2026/04/23 8:5 a.m.3 views

SUSE-SU-2026:21390-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

5.8CVSS5.2AI score0.00297EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 6:56 a.m.11 views

Security Bulletin: Due to use of jetty-server-12.0.16.jar, IBM Sterling Connect:Direct Web Services is affected by response not compressed issue for corresponding HTTP request, causing the leak.

Summary jetty-server-12.0.16.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-1605. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with...

7.5CVSS5.7AI score0.00625EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/04/23 2:25 a.m.106 views

hospital-waf-mcp

Hospital WAF Management System Release: v1.0.0 Languag...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.5 views

SUSE CVE-2026-31473

In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINIT and REQBUFS with reqqueuemutex MEDIAREQUESTIOCREINIT can run concurrently with VIDIOCREQBUFS0 queue teardown paths. This can race request object cleanup against vb2 queue cancellation and lead to...

7CVSS5.6AI score0.00126EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.4 views

SUSE CVE-2026-31506

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wolirq since it was instantiated with devmrequestirq. So devres will free for us...

5.6AI score0.00129EPSS
Exploits0References3
Rows per page
Query Builder