Lucene search
K

20548 matches found

Nuclei
Nuclei
added yesterday80 views

Oracle Weblogic - Server-Side Request Forgery

An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. id: CVE-2014-4210 info: name: Oracle Weblogic - Server-Side Request Forgery author:...

5CVSS7.1AI score0.38152EPSS
Exploits8References5
Nuclei
Nuclei
added yesterday66 views

Vite server.fs.deny Bypass - Local File Inclusion

Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest- script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than...

5.3CVSS6.7AI score0.38685EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 5 days ago5 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
NVD
NVD
added 6 days ago8 views

CVE-2026-58211

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-36028

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...

6.8CVSS0.00237EPSS
Exploits0References3
CVE
CVE
added 6 days ago11 views

CVE-2026-58211

CVE-2026-58211 affects NATS Server. A vulnerable path allows a client to be registered as the configured no_auth_user via a parser path when the first client operation is not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required. This could enabl...

5.4CVSS6AI score0.00292EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-58211 NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-8801

Technical details about CVE-2026-8801 are not publicly available in the provided documents. Monitor for further updates from vendors and standard CVE sources.

9.8CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 6 days ago10 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 6 days ago6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS6.8AI score0.00292EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-55956

A flaw was found in Apache Tomcat where access control rules for the default servlet are improperly handled. An attacker can exploit this issue to bypass specific HTTP method restrictions, potentially gaining unauthorized access to protected application resources. Mitigation Review your...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-60125 importModule function in MISP ignores per-organisation import module restrictions

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-60125

CVE-2026-60125 affects MISP: the importModule() path used getEnabledModule() to resolve a module by name, but did not enforce per-organisation restrictions implemented by getEnabledModules(). This can allow an authenticated user from an organisation not allowed to use a restricted module (Plugin....

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-60125

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56535

Name of the Vulnerable Software and Affected Versions Code 27 Companion Hub affected versions not specified Description A protection mechanism failure allows an attacker with physical access to completely bypass kiosk restrictions by performing a factory reset. Recommendations At the moment, ther...

6.8CVSS6.1AI score0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-36028

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...

0.00237EPSS
Exploits0References3
CVE
CVE
added 6 days ago6 views

CVE-2026-36028

Technical details are not publicly available in the provided documents. Monitor for updates as no specific affected components, versions, or remediation are disclosed here.

6.8CVSS6AI score0.00237EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-42504

A flaw was found in the Golang MIME Multipurpose Internet Mail Extensions package. A remote attacker could exploit this vulnerability by sending a maliciously-crafted MIME header containing many invalid encoded-words. This could lead to excessive CPU consumption, resulting in a Denial of Service...

7.5CVSS7.1AI score0.0056EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added last week9 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-2004 vantage6's CORS settings overly permissive

Impact The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies Patches No Workarounds No...

4.2CVSS5.9AI score0.00311EPSS
Exploits0References6
Rows per page
Query Builder