Lucene search
+L

20233 matches found

Nuclei
Nuclei
added 13 hours ago119 views

CData API Server < 23.4.8844 - Path Traversal

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...

9.8CVSS8.5AI score0.08151EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago69 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

6.9CVSS5.2AI score0.00635EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago72 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

6.1CVSS5.8AI score0.03241EPSS
Exploits3References5
Nuclei
Nuclei
added 13 hours ago260 views

SuiteCRM - SQL Injection

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. id: CVE-2024-36412 info: name: SuiteC...

10CVSS8.6AI score0.05692EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago58 views

Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

6.1CVSS6AI score0.01146EPSS
Exploits1References2
CVE
CVE
added yesterday35 views

CVE-2026-49284

The CVE affects SimpleSAMLphp SP: the ACS path permits a response from an unexpected IdP when an unsigned Response/InResponseTo combines with a signed assertion lacking SubjectConfirmationData/InResponseTo. A response from IdP B can be bound to SP state created for IdP A, allowing bypass of IdP-s...

7.1CVSS5.3AI score
Exploits0References3
Cvelist
Cvelist
added yesterday31 views

CVE-2026-49284 SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login when unsigned Response/InResponseTo is combined with a signed assertion lacking...

7.1CVSS
Exploits0References3
EUVD
EUVD
added yesterday7 views

EUVD-2026-45194

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2024-55658

HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verif...

9.1CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday32 views

CVE-2024-23564

HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verif...

9.1CVSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-62299

CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRuleT in plugin/rewrite/edns0.go, call res.IsEdns0 and immediately dereference the...

5.3CVSS0.00301EPSS
Exploits0References4
CVE
CVE
added 2 days ago6 views

CVE-2026-62299

CoreDNS (rewrite plugin, edns0.go) prior to version 1.14.5 could panic when a downstream plugin returns a response with no OPT record. The code path in edns0.go dereferenced a DNS OPT without a nil check, triggered by a query matching a rewrite edns0 rule (local/nsid/subnet with set/append/replac...

5.3CVSS6.1AI score0.00301EPSS
Exploits0References4
NVD
NVD
added 2 days ago7 views

CVE-2026-56453

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to...

9.8CVSS0.00163EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-44921

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to...

5.5CVSS6.1AI score0.00163EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-56453

Affected software: HCL DFXAnalytics. Vulnerability: Account Takeover via Response Manipulation, where a remote attacker can intercept and alter server HTTP responses before they reach the client, enabling manipulation of authentication/authorization logic. Impact (as described): Potential unautho...

9.8CVSS6.1AI score0.00163EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59249 Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections

Inconsistent interpretation of HTTP requests HTTP response smuggling vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests that shar...

6.3CVSS0.00301EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-59249 Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections

Inconsistent interpretation of HTTP requests HTTP response smuggling vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests that shar...

6.3CVSS6.1AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2 days ago5 views

EEF-CVE-2026-59249 Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections

Summary Inconsistent interpretation of HTTP requests HTTP response smuggling vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests...

6.3CVSS6.1AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2 days ago2 views

CVE-2026-59249 Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections

Inconsistent interpretation of HTTP requests HTTP response smuggling vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests that shar...

6.3CVSS5.5AI score0.00301EPSS
Exploits0References9
CVE
CVE
added 2 days ago10 views

CVE-2026-59249

The CVE concerns the Elixir Mint library (mint) and its HTTP/1.1 decoding path. Specifically, Mint.HTTP1.decode_body/5 parses chunk-size lines using Integer.parse(data, 16), which accepts a leading + or - despite RFC 7230 requiring unsigned hex digits. This leads to a mismatch with RFC-strict int...

6.3CVSS6.1AI score0.00301EPSS
Exploits0References4
Rows per page
Query Builder