Lucene search
K

121789 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/14 3:46 p.m.8 views

CVE-2026-42281

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

9.2CVSS6AI score0.01623EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 3:34 p.m.10 views

CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/14 3:33 p.m.8 views

CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS5.8AI score0.00313EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 3:33 p.m.12 views

CVE-2026-42595

CVE-2026-42595 describes an SSRF flaw in Gotenberg’s Chromium URL endpoint (/forms/chromium/convert/url) prior to version 8.32.0. The default deny-list blocks only file:// URIs, leaving HTTP/HTTPS targets—including internal IPs and cloud metadata endpoints—unrestricted. An unauthenticated attacke...

8.6CVSS5.8AI score0.00313EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/14 3:31 p.m.6 views

GHSA-Q23M-VM9R-5745 podinfo: cross-site scripting vulnerability in the /echo and /api/echo endpoints

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

5.4CVSS5.7AI score0.00195EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:20 p.m.7 views

CVE-2026-42591

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...

8.2CVSS5.8AI score0.00245EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 3:20 p.m.7 views

CVE-2026-42591 Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...

8.2CVSS5.8AI score0.00245EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 3:20 p.m.11 views

EUVD-2026-30309

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...

8.2CVSS5.8AI score0.00245EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:19 p.m.46 views

CVE-2026-42596 Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

9.4CVSS0.00352EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 2:9 p.m.13 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat

Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension...

9.1CVSS6AI score0.03494EPSS
Exploits2Affected Software1
OSV
OSV
added 2026/05/14 1:18 p.m.5 views

GHSA-Q58J-G3F4-H26H CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary The GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.ref . Subsequently, it executes a script bin/console from this untrusted checkout. Thi...

8.2CVSS6.1AI score0.00433EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/14 1:18 p.m.10 views

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary The GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.ref . Subsequently, it executes a script bin/console from this untrusted checkout. Thi...

8.2CVSS6.1AI score0.00433EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/14 7:16 a.m.41 views

CVE-2026-5365

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the requestcancellation function. This makes it possible for unauthenticated attackers to cancel a logged-in customer's bookings v...

4.3CVSS0.00105EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:44 a.m.10 views

CVE-2026-5365 LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the requestcancellation function. This makes it possible for unauthenticated attackers to cancel a logged-in customer's bookings v...

4.3CVSS5.8AI score0.00105EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.59 views

CVE-2026-5365 LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the requestcancellation function. This makes it possible for unauthenticated attackers to cancel a logged-in customer's bookings v...

4.3CVSS0.00105EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 6:44 a.m.16 views

CVE-2026-5365

CVE-2026-5365 affects the WordPress LatePoint plugin up to version 5.3.2. The issue is a Cross-Site Request Forgery caused by missing nonce verification in request_cancellation(), allowing unauthenticated attackers to cancel a logged-in customer’s bookings via a forged request (requires user inte...

4.3CVSS5.8AI score0.00105EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 6:23 a.m.12 views

Security Bulletin: Erlang OTP inets httpd HTTP Request Smuggling via Duplicate Content-Length Handling

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

9.4CVSS7.1AI score0.00528EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/14 6:16 a.m.10 views

CVE-2026-6883

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

4.3CVSS0.00146EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.8 views

CVE-2026-4527

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due...

6.5CVSS5.8AI score0.00153EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.7 views

CVE-2026-6883

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References3
Rows per page
Query Builder