3096 matches found
PT-2026-48880
Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.6 Nuxt versions 4.0.0 through 4.4.6 Description A route-rule middleware bypass exists due to a case-sensitivity mismatch between vue-router and the routeRules matcher. Recommendations Update to version 3.21.7...
PT-2026-48859
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...
Linux Distros Unpatched Vulnerability : CVE-2026-44249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an...
DEBIAN-CVE-2026-44249
Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...
UBUNTU-CVE-2026-44249
Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...
CVE-2026-44249 Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...
EUVD-2026-36327
Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...
CVE-2026-44249
Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...
CVE-2026-47189 Quest Bot: AutoMod removal can delete rules from another guild by global rule ID
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...
CVE-2026-47189
CVE-2026-47189 — Quest Bot AutoMod removal : The issue affects Quest Bot (Discord bot) prior to version 1.0.5, where the AutoMod remove flow looks up and deletes rules by a global database ID without verifying that the rule belongs to the guild where the command runs. An attacker can learn a vict...
EUVD-2026-36279
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...
CVE-2026-47189 Quest Bot: AutoMod removal can delete rules from another guild by global rule ID
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...
GHSA-2GR4-PPC7-7MHX CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...
Netty 访问控制错误漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained an access control vulnerability. This vulnerabilit...
CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...
CVE-2026-45556
Roxy-WI (versions <= 8.2.6.4) is affected by CVE-2026-45556. The vulnerability arises in POST /waf///rule//save: the config_file_name field is passed to config_mod.master_slave_upload_and_restart(...) as the destination path. The validation only checks that the path contains a service substrin...
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk...
Fulcrum-OSINT-monitor
FULCRUM — Architecture Technique v3.1 Vue d'ensemble FULC...
PT-2026-48436
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...
Roxy-WI 输入验证错误漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the POST /waf///rule//save endpoint accepting the configfilename...