Lucene search
K

688 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-41482

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS0.00338EPSS
Exploits0References6
CVE
CVE
added 4 days ago24 views

CVE-2026-55884

Tilt HUD server in github.com/tilt-dev/tilt is affected in versions 0.20.8–0.37.3 where the HUD HTTP server registers handlers on a gorilla/mux router without authentication. When bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined Tiltfile resources, ...

9.2CVSS6.2AI score0.00397EPSS
Exploits0References4
CVE
CVE
added 4 days ago86 views

CVE-2026-55229

Gotenberg prior to 8.34.0 contains an SSRF/local-file disclosure in the /forms/libreoffice/convert endpoint. A specially crafted DOCX can cause LibreOffice to fetch external HTTP(S) resources (blind SSRF) and load local image resources during conversion, potentially exposing internal endpoints an...

7.5CVSS6.1AI score0.00355EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-58305

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a...

6.1CVSS0.00105EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-58305

CVE-2026-58305 describes a type-confusion vulnerability in Samsung Open Source Escargot, allowing pointer manipulation. Affected are Escargot builds before 779f6bedf58f334dec64b0a51ebb724b4708b84a. CVSS (3.1) base 6.1 (LOCAL, NONE/LOW/LOW to HIGH vector) with user interaction required. No exploit...

6.1CVSS5.9AI score0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-57172

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/03 9:17 p.m.10 views

CVE-2026-58285

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS0.00438EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.6 views

CVE-2026-58290

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00249EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/03 8:35 p.m.9 views

EUVD-2026-41583

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.1AI score0.00438EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.6 views

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.3CVSS5.9AI score0.00372EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.13 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00429EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.18 views

PT-2026-55636

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description An issue involving type confusion, which occurs when a program accesses a resource using an incompatible data type, allows an unauthorized attacker to execute arbitrary...

7.5CVSS6.3AI score0.00249EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/30 7:51 p.m.40 views

CVE-2026-10564 SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery SSRF. The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...

8.2CVSS0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53959

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.6 Description An authenticated attacker can perform a Server-Side Request Forgery SSRF, which occurs when a server is tricked into making requests to an unintended location. The issue exists because...

8.2CVSS6AI score0.00199EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/29 10:23 p.m.12 views

Improper Authorization

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default servlet when certain HTTP methods or...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:13 p.m.35 views

CVE-2026-56285 Nitter - Server-Side Request Forgery in /video Media Proxy Endpoint

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS0.0036EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/25 6:32 p.m.8 views

LangGraph SDK has unsafe URL path construction

Summary langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

9.1CVSS5.7AI score0.00216EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 6:32 p.m.3 views

GHSA-W39P-VH2G-G8G5 LangGraph SDK has unsafe URL path construction

Summary langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

4.2CVSS5.7AI score0.00216EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.7AI score0.00166EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 4:17 p.m.16 views

CVE-2026-9799

Affects Keycloak’s authorization component (org.keycloak.authorization). The vulnerability allows an authenticated user with a granted UMA permission ticket for one resource to bypass per-resource access control by using a specific permission request prefix, granting access to all resources of th...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder