Lucene search
K

121628 matches found

NVD
NVD
added 2026/04/01 6:16 p.m.8 views

CVE-2026-34076

Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend from versions 3.0.0 to before 3.2.3, and @clerk/fastify from versions 3.1.0 to before 3.1.5, the...

7.4CVSS0.00309EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 5:16 p.m.14 views

CVE-2024-43028

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request...

9.8CVSS0.01531EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/01 5:4 p.m.7 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.4CVSS5.7AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.3 views

CVE-2026-34163

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP Model Context Protocol tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the...

7.7CVSS5.8AI score0.00283EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.3 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 4:59 p.m.3 views

CVE-2026-34076 Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host

Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend from versions 3.0.0 to before 3.2.3, and @clerk/fastify from versions 3.1.0 to before 3.1.5, the...

7.4CVSS5.8AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 4:59 p.m.28 views

CVE-2026-34076

The CVE-2026-34076 issue is a SSRF in Clerk JavaScript’s opt-in clerkFrontendApiProxy feature. Affected packages and fix versions are: @clerk/backend (3.0.0–3.2.2; fixed in 3.2.3), @clerk/express (2.0.0–2.0.6; fixed in 2.0.7), @clerk/hono (0.1.0–0.1.4; fixed in 0.1.5), and @clerk/fastify (3.1.0–3...

7.4CVSS5.8AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 4:48 p.m.5 views

CLSA-2026-1775062103 squid34: Fix of 2 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 4:27 p.m.18 views

CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

6.1CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 4:23 p.m.5 views

CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...

5CVSS0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 4:23 p.m.10 views

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

8.2CVSS0.0026EPSS
Exploits0References1
Cisco
Cisco
added 2026/04/01 4:0 p.m.13 views

Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

6.1CVSS6.2AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 3:7 p.m.19 views

CVE-2026-4989

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...

0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 3:2 p.m.2 views

CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...

5.9AI score0.00194EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 10:43 a.m.6 views

CLSA-2026-1775040191 squid: Fix of CVE-2026-32748

CVE-2026-32748: fix HttpRequest lifetime for ICP v3 queries...

8.7CVSS5.8AI score0.08931EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 6:51 a.m.7 views

CVE-2026-34441

A flaw was found in cpp-httplib, a C++11 HTTP/HTTPS library. This vulnerability, known as HTTP Request Smuggling, allows a remote attacker to embed an arbitrary HTTP request within the body of a GET request. The server's static file handler fails to consume the entire request body, leaving unread...

6.5CVSS6AI score0.00196EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/01 3:31 a.m.3 views

EUVD-2026-17767

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

7.1CVSS5.9AI score0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.2 views

CVE-2026-4947

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

7.1CVSS5.9AI score0.00174EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/04/01 1:5 a.m.9 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the static file handler when it serves GET responses without consuming the request body. An attacker can inject and have the server process unintended HTTP requests by embedding arbitrary HTTP requests inside...

6.5CVSS6AI score0.00196EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/01 12:3 a.m.3 views

EUVD-2026-17502

Parse Server has a session field immutability bypass via falsy-value guard...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References6
Rows per page
Query Builder