Lucene search
K

117 matches found

OSV
OSV
added 2026/06/25 1:1 p.m.4 views

CVE-2026-52690 Spoofed answers can mark an authoritative non-EDNS capable

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...

5.9CVSS5.9AI score0.00352EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 12:13 p.m.3 views

CVE-2026-56275 Flowise - Server-Side Request Forgery via Execute Flow Base URL

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS6AI score0.00183EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.14 views

SUSE CVE-2026-31709

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl buildsecdesc and idmodetocifsacl derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild the chmod/chown security...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References7
NVD
NVD
added 2026/04/10 5:17 p.m.11 views

CVE-2026-35652

OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling...

9.1CVSS0.0042EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/10 4:3 p.m.3 views

EUVD-2026-21450

OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling...

6.9CVSS5.9AI score0.0042EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 2:16 p.m.4 views

CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5CVSS0.01545EPSS
Exploits0References28
OSV
OSV
added 2026/03/11 7:29 p.m.7 views

GHSA-3WF5-G532-RCRR Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...

8.9CVSS5.8AI score0.00413EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/24 1:44 a.m.7 views

CVE-2025-70045

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jxobj.IsSecure' is true...

7.4CVSS5.3AI score0.00169EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/12/09 9:2 a.m.14 views

Bluetooth: hci_event: validate skb length for unknown CC opcode

...

7.1CVSS7AI score0.00162EPSS
Exploits0
EUVD
EUVD
added 2025/11/17 6:30 p.m.8 views

EUVD-2025-197811

GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...

3.2CVSS6.3AI score0.00108EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/31 2:23 p.m.13 views

CVE-2025-64385 INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES

The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initi...

9.2CVSS0.00498EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2025/10/22 11:55 a.m.12 views

Bridging the Remediation Gap: Introducing Pentera Resolve

From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-2628

Malware in sbrugna...

9.8CVSS9.5AI score0.01438EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-7416

Malware in sbrugna...

9.8CVSS9.5AI score0.02259EPSS
Exploits3References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-15786

Malware in sbrugna...

7.5CVSS8.3AI score0.02138EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2017-6979

Malware in sbrugna...

6.8CVSS7AI score0.01095EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-30469

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00308EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-27442

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-43678

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-24348

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00608EPSS
Exploits1References3
Rows per page
Query Builder