72 matches found

CVE
added 3 days ago, 9 views

CVE-2026-57954

Vulnerability summary (CVE-2026-57954): Elide 7.1.17 has a flaw in SortingImpl.getValidSortingRules where @ReadPermission is not enforced on client-supplied sort expressions. This allows attackers to sort collections by forbidden fields and infer hidden field values via row ordering analysis, leak...

CVSS 5.3, AI score 5.8, EPSS 0.00168
Exploits 0, References 2
Nuclei
added 4 days ago, 65 views

Adobe AEM Dispatcher <4.15 - Rules Bypass

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Template metadata: id: CVE-2016-0957; info: name: Adobe AEM Dispatcher 4.15 - Rules Bypass; author: geeknik; severity:...

CVSS 7.8, AI score 7.2, EPSS 0.5071
Exploits 0, References 5
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Added fchmodat2 to the “change attributes” class. fchmodat2, introduced in version 6.6, is currently not included in the “change attributes” class of audit. Calling fchmodat2 to change a file’s attributes in the same way a...

CVSS 5.5, AI score 5.3, EPSS 0.00124
Exploits 0, References 1
OSV
added 2026/06/18 9:28 p.m., 5 views

MGASA-2026-0226 Updated ruby-rack packages fix security vulnerabilities

CVE-2026-26961: Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header. CVE-2026-34763: Root...

CVSS 7.5, AI score 5.2, EPSS 0.00475
Exploits 1, References 14
Mageia
added 2026/06/18 9:28 p.m., 8 views

Updated ruby-rack packages fix security vulnerabilities

CVE-2026-26961: Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header. CVE-2026-34763: Root...

CVSS 7.5, AI score 5, EPSS 0.00475
Exploits 1, References 13
Positive Technologies
added 2026/06/08 12:00 a.m., 22 views

PT-2026-47545

Summary: An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details: the io.netty.handler.ipfilter.IpSubnetFilterRule.compareTo(java.net.InetSocketAddress) method performs a bitwise AND...

CVSS 8.1, AI score 5.5
Exploits 0, References 5
Tenable Nessus
added 2026/06/06 12:00 a.m., 9 views

EulerOS Virtualization 2.10.1 : util-linux (EulerOS-SA-2026-2038)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can...

CVSS 5.3, AI score 5.5, EPSS 0.00436
Exploits 0, References 2
CVE
added 2026/05/13 6:14 p.m., 14 views

CVE-2026-0235

CVE-2026-0235 is a race-condition vulnerability in Palo Alto Networks Prisma Browser. The description states that a locally authenticated non-admin user can bypass certain access and data control policies due to this race condition. No specific vulnerable components, versions, or root-cause detai...

CVSS 5.8, AI score 5.8, EPSS 0.00173
Exploits 0, References 1
EUVD
added 2026/04/30 11:17 p.m., 6 views

EUVD-2026-26458

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route service that would allow it to send requests to HTTP services on internal networks...

CVSS 5, AI score 5.3, EPSS 0.00199
Exploits 0, References 1
Snyk
added 2026/04/24 2:52 a.m., 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the PageRules::create process in the page rules component. An attacker can publish a page without the required status-change permission by creating it as a non-draft. This lets a user who is allowed to create...

CVSS 6.5, AI score 5.4, EPSS 0.00275
Exploits 0, References 2
CVE
added 2026/04/02 4:44 p.m., 14 views

CVE-2026-34786

Vulnerability summary: CVE-2026-34786 affects Rack’s static file serving. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules compares header_rules against the raw URL-encoded PATH_INFO while the file path is decoded for serving. This can allow a URL-encoded path variant to...

CVSS 5.3, AI score 5.7, EPSS 0.00195
Exploits 0, References 1, Affected software 1
Positive Technologies
added 2026/04/02 12:00 a.m., 2 views

PT-2026-29919

Summary: Rack::Static#applicable_rules evaluates several header rule types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the heade...

CVSS 5.3, AI score 5.9, EPSS 0.00195
Exploits 0, References 4
OSV
added 2026/03/29 3:37 p.m., 3 views

GHSA-46WH-3698-F2CX Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)

Summary: There is a potential vulnerability in Traefik due to its dependency on an affected version of gRPC-Go (CVE-2026-33186). A remote, unauthenticated attacker can send gRPC requests with a malformed HTTP/2 :path pseudo-header omitting the mandatory leading slash, e.g. Service/Method instead of...

CVSS 7.8, AI score 5.9
Exploits 0, References 7
SUSE CVE
added 2026/03/28 12:26 a.m., 4 views

SUSE CVE-2026-32758

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5, AI score 5.7, EPSS 0.00387
Exploits 0, References 3
CVE
added 2026/03/19 11:22 p.m., 15 views

CVE-2026-32758

The CVE-2026-32758 entry concerns File Browser, where versions 2.61.2 and earlier are vulnerable to Path Traversal via the resourcePatchHandler in http/resource.go. The flaw allows an authenticated user with Create or Rename permissions to bypass deny rules by injecting .. sequences in the destin...

CVSS 6.5, AI score 5.7, EPSS 0.00387
Exploits 0, References 3, Affected software 1
Vulnrichment
added 2026/03/19 11:22 p.m., 3 views

CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5, AI score 5.7, EPSS 0.00387
Exploits 0, References 3
Cvelist
added 2026/03/17 9:11 a.m., 30 views

CVE-2025-71239 audit: add fchmodat2() to change attributes class

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class. fchmodat2, introduced in version 6.6, is currently not in the change attribute class of audit. Calling fchmodat2 to change a file attribute in the same fashion as chmod or fchmodat...

EPSS 0.00124
Exploits 0, References 6
OSV
added 2026/03/17 9:11 a.m., 5 views

CVE-2025-71239 audit: add fchmodat2() to change attributes class

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class. fchmodat2, introduced in version 6.6, is currently not in the change attribute class of audit. Calling fchmodat2 to change a file attribute in the same fashion as chmod or fchmodat...

CVSS 5.5, AI score 5.7, EPSS 0.00124
Exploits 0, References 9
Tenable Nessus
added 2026/03/17 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-71239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - audit: add fchmodat2 to change attributes class. fchmodat2, introduced in version 6.6, is currently not in the change attribute class of audit. Calling fchmodat2 ...

CVSS 5.5, AI score 6.1, EPSS 0.00124
Exploits 0, References 2
OSV
added 2026/03/16 8:45 p.m., 5 views

GHSA-9F3R-2VGW-M8XP File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

Description: The resourcePatchHandler in http/resource.go validates the destination path against configured access rules before the path is cleaned/normalized. The rules engine (rules/rules.go) uses literal string prefix matching (strings.HasPrefix) or regex matching against the raw path. The actual...

CVSS 6.5, AI score 5.8, EPSS 0.00387
Exploits 0, References 5