Lucene search
+L

3916 matches found

Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-60856

Name of the Vulnerable Software and Affected Versions WordPress versions 6.9.0 through 6.9.4 WordPress versions 7.0.0 through 7.0.1 Description An unauthenticated remote code execution flaw exists in the WordPress core REST batch API. The issue stems from a route confusion problem in the batch...

9.8CVSS6.9AI score0.08946EPSS
Exploits38References79
NVD
NVD
added 3 days ago9 views

CVE-2026-63089

WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuard peer credentials by brute-forcing a keyspace of at most 1000 candidate tokens per client ID, as...

9.3CVSS0.00238EPSS
Exploits0References3
OSV
OSV
added 3 days ago5 views

CVE-2026-63089 WireGuard Easy Weak Token Generation Information Disclosure via OTL Route

WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuard peer credentials by brute-forcing a keyspace of at most 1000 candidate tokens per client ID, as...

9CVSS5.3AI score0.00238EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-63089 WireGuard Easy Weak Token Generation Information Disclosure via OTL Route

WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuard peer credentials by brute-forcing a keyspace of at most 1000 candidate tokens per client ID, as...

9.3CVSS0.00238EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 3 days ago11 views

Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant has SecurityPolicy + TCPRoute RBAC baseline - Tenant namespace permitted to attach TCPRoute to a Gateway listener - spec.authorization omitted the trigger - No admission...

6.1AI score0.00121EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago8 views

Envoy Gateway custom backendRef cross-namespace ReferenceGrant bypass

Impact Envoy Gateway accepts extension-managed custom backendRefs from an HTTPRoute to a backend resource in another namespace without requiring a matching Gateway API ReferenceGrant in the target namespace. This breaks the Gateway API cross-namespace consent model: the namespace that owns the...

6.1AI score0.00043EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added 3 days ago164 views

MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

9.8CVSS7AI score0.77729EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60690

Impact Envoy Gateway accepts extension-managed custom backendRefs from an HTTPRoute to a backend resource in another namespace without requiring a matching Gateway API ReferenceGrant in the target namespace. This breaks the Gateway API cross-namespace consent model: the namespace that owns the...

6.4CVSS6.1AI score0.00043EPSS
Exploits0References3
OSV
OSV
added 4 days ago5 views

CVE-2026-49352 9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass

9Router is an AI router & token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, and later src/lib/auth/dashboardSession.js, allowing attackers to forge an authtoken cookie when...

9.8CVSS6.1AI score0.00601EPSS
Exploits1References5
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44739

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS6.2AI score0.00338EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-12382

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS6.2AI score0.00338EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 4 days ago5 views

SUSE CVE-2026-58253

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS7.9AI score0.00368EPSS
Exploits0References3
CVE
CVE
added 5 days ago14 views

CVE-2026-15738

The CVE-2026-15738 issue affects the AWS Load Balancer Controller prior to version 3.4.2, where incorrect behavior order in Gateway API listener-rule generation can let an authenticated remote user intercept, spoof, or deny another namespace’s gRPC traffic on a shared Gateway via a crafted HTTPRo...

8.5CVSS6.2AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago40 views

CVE-2026-15738 Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...

8.5CVSS0.00373EPSS
Exploits0References2
OSV
OSV
added 5 days ago8 views

CVE-2026-15738 Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...

5.8CVSS6.2AI score0.00373EPSS
Exploits0References4
NVD
NVD
added 5 days ago4 views

CVE-2026-48784

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate used strtr dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters...

6.1CVSS0.00267EPSS
Exploits0References5
OSV
OSV
added 5 days ago4 views

CVE-2026-48784 Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate used strtr dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters...

5.1CVSS6.1AI score0.00267EPSS
Exploits0References7
CVE
CVE
added 5 days ago80 views

CVE-2026-45065

CVE-2026-45065 affects Symfony’s UrlGenerator in the Symfony PHP framework. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters with a pattern built as ^ + raw requirement + $, and ungrouped alternations can cause middle alternatives to match as unanchore...

6.1CVSS6.1AI score0.00261EPSS
Exploits0References5Affected Software1
OSV
OSV
added 5 days ago4 views

CVE-2026-45065 Symfony: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw requirement plus $; with ungrouped alternations, middle alternatives mat...

2.3CVSS6.1AI score0.00261EPSS
Exploits0References7
OSV
OSV
added 5 days ago3 views

BIT-NATS-2026-58253 NATS Server: Route API Auth Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References8
Rows per page
Query Builder