Lucene search
K

121698 matches found

CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

Nomios GREENmod 安全漏洞

Nomios GREENmod is an industrial control system developed by the Polish company Nomios, designed for monitoring and managing energy and power infrastructure. Nomios GREENmod has a security vulnerability, which stems from incorrect configuration of the name pipe access control list, potentially...

6.9CVSS5.8AI score0.00426EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.10 views

PT-2026-37012

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.12 Description An issue exists in the QQBot reply media URL handling that allows server-side request forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Attackers can...

8.3CVSS5.9AI score0.00251EPSS
Exploits0References10
Snyk
Snyk
added 2026/04/17 12:0 a.m.10 views

HTTP Request Smuggling

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to HTTP Request Smuggling via the static...

5.9CVSS5.7AI score0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 12:0 a.m.11 views

HTTP Request Smuggling

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

5.9CVSS5.7AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.15 views

PT-2026-37028

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A server-side request forgery SSRF policy bypass exists in existing-session browser interaction routes. This allows attackers to bypass navigation guards to interact with or navigate to...

7.7CVSS5.8AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.12 views

PT-2026-37008

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description Improper access control in browser snapshot, screenshot, and tab routes allows authenticated callers to bypass Server-Side Request Forgery SSRF restrictions. This occurs because the system fails...

7.7CVSS5.8AI score0.00266EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.10 views

PT-2026-37013

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description A server-side request forgery SSRF issue exists in the browser SSRF policy that allows private-network navigation by default. This misconfiguration enables attackers to access internal services ...

7.7CVSS5.8AI score0.0028EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.3 views

PT-2026-33449

Name of the Vulnerable Software and Affected Versions QueryMine sms versions up to 7ab5a9ea196209611134525ffc18de25c57d9593 Description Remote SQL injection is possible via the GET Request Parameter Handler in the 'admin/editcourse.php' file. The issue occurs when the ID argument is manipulated,...

6.5CVSS6.9AI score0.00196EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.5 views

PT-2026-33422

Name of the Vulnerable Software and Affected Versions cms-fuer-motorrad-werkstaetten versions prior to 1.0.1 Description The cms-fuer-motorrad-werkstaetten plugin for WordPress is susceptible to Cross-Site Request Forgery. This occurs because eight AJAX deletion handlers lack nonce validation and...

4.3CVSS5.4AI score0.00225EPSS
Exploits0References22
Vulnrichment
Vulnrichment
added 2026/04/17 12:0 a.m.8 views

CVE-2026-31317

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

6.1AI score0.00463EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-37120

Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.42 Description A path traversal issue exists when using yard server to serve documentation. This flaw allows unsanitized HTTP requests to access arbitrary files on the host machine under certain conditions. Path...

7.5CVSS6AI score0.00388EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.12 views

PT-2026-36793

Name of the Vulnerable Software and Affected Versions Totolink N300RH version 3.2.4-B20220812 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the setUpgradeFW function within the '/cgi-bin/cstecgi.cgi' endpoint when manipulating...

9CVSS7.5AI score0.00463EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.7 views

PT-2026-33461

Name of the Vulnerable Software and Affected Versions prasathmani TinyFileManager versions prior to 2.7 Description An issue in the File Upload Handler component allows for server-side request forgery, a flaw where an attacker can induce the server to make requests to an unintended location. This...

6.5CVSS6.5AI score0.00267EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007366)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007366 advisory. In the Linux kernel, the following vulnerability has been resolved: caif: fix memory leak in cfctrllinkuprequest When linktype is unknown or kzalloc failed in...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.13 views

MiracleLinux 9 : nodejs:24 (AXSA:2026-449:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-449:01 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-2554...

9.8CVSS7AI score0.26356EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007240)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007240 advisory. In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arpreqget. syzkaller reported an overflown write in arpreqget. 0 When...

5.5CVSS6.5AI score0.00256EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.2 views

Cisco Unity Connection Arbitrary File Download (cisco-sa-unity-file-download-RmKEVWPx)

According to its self-reported version, Cisco Unity Connection is affected by multiple arbitrary file download vulnerabilities: - Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these...

6.5CVSS5.9AI score0.00388EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: libsoup (UTSA-2026-007256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007256 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 11:45 p.m.2 views

BIT-OAUTH2-PROXY-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 11:38 p.m.10 views

BIT-DJANGO-2026-3902 ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.7AI score0.00436EPSS
Exploits0References4
Rows per page
Query Builder