Lucene search
K

9809 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-12352

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS0.00259EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42047

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS6AI score0.00259EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-12352

Technical details (affected products/versions, root cause, exploit conditions, or remediation) are not publicly provided in the supplied documents. Monitor for updates on CVE-2026-12352.

5.9CVSS6AI score0.00259EPSS
Exploits0References1
Snyk
Snyk
added 4 days ago4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-8377

Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...

8.2CVSS5.9AI score0.00198EPSS
Exploits0References2
NVD
NVD
added 4 days ago10 views

CVE-2026-34037

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS0.00247EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41983

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-50135 Hugo: Symlink confinement bypass in resources.Get

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS0.00275EPSS
Exploits0References3
CVE
CVE
added 5 days ago14 views

CVE-2026-50135

Summary: Hugo up to v0.161.1 is affected by a symlink confinement bypass in the virtual filesystem used by Hugo’s resources.Get. Root cause: A regression in RootMappingFs.statRoot caused it to call Stat (which follows symlinks) instead of Lstat, allowing a symlink inside a mounted directory (e.g....

6.9CVSS5.9AI score0.00275EPSS
Exploits0References3Affected Software1
NVD
NVD
added 5 days ago8 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 8:35 p.m.11 views

EUVD-2026-41599

Operation on a resource after expiration or release in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

6.1CVSS5.9AI score0.00586EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/03 3:26 p.m.9 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/03 12:17 p.m.5 views

Server-side Request Forgery (SSRF)

Overview @theia/core is a the main extension for all Theia-based applications, and provides the main framework for all dependent extensions. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request-service process. An attacker can access sensitive...

8.5CVSS6AI score0.00297EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 12:17 p.m.7 views

Server-side Request Forgery (SSRF)

Overview @theia/request is a Theia Proxy-Aware Request Service Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request-service process. An attacker can access sensitive internal resources by sending crafted URLs to the backend, which then performs...

8.5CVSS5.9AI score0.00297EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 10:30 a.m.25 views

CVE-2026-10055

CVE-2026-10055 affects Eclipse Theia (since 1.26.0). The issue arises in the backend /services/request-service RPC, which accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, then performs the HTTP request server-side and returns the full resp...

8.5CVSS6AI score0.00297EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/07/02 8:45 a.m.9 views

K000162041: Spring Framework vulnerabilities CVE-2026-41843 and CVE-2026-41846

Security Advisory Description CVE-2026-41843 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41846 Spri...

6.1CVSS5.9AI score0.00341EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS6AI score0.00463EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-55301

Name of the Vulnerable Software and Affected Versions AutoBangumi versions prior to 3.2.8 Description An unauthenticated remote attacker can probe internal network services via a server-side request forgery SSRF issue. By providing arbitrary host values to the 'POST /api/v1/setup/test-downloader'...

6.9CVSS6.2AI score0.00321EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

5CVSS5.7AI score0.00217EPSS
Exploits0References3
Rows per page
Query Builder