
12037 matches found

CVE | added 1 hour ago | 3 views

CVE-2026-58523

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network...

CVSS 6.5 | AI score 5.9
Exploits: 0 | References: 1

Nuclei | added 20 hours ago | 15 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

CVSS 4.3 | AI score 5.9 | EPSS 0.01609
Exploits: 0

Nuclei | added 20 hours ago | 8 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

CVSS 6.5 | AI score 6.3 | EPSS 0.01438
Exploits: 2 | References: 2

RedHat Linux | added yesterday | 4 views

next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack

A flaw was found in Next.js. A remote unauthenticated attacker could exploit a bypass in a security fix when using middleware.ts with Turbopack. This vulnerability could lead to the disclosure of sensitive information...

CVSS 7.5 | AI score 5.9 | EPSS 0.00505
Exploits: 0 | References: 5

Nuclei | added 2 days ago | 16 views

SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. id: CVE-2025-40536 info: name: SolarWinds Web Help Desk 12.8.8 Hotfix 1 HF1 - Security...

CVSS 9.8 | AI score 7.5 | EPSS 0.8413
Exploits: 4 | References: 3

RedhatCVE | added 3 days ago | 8 views

CVE-2026-54516

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...

CVSS 5.3 | AI score 5.7 | EPSS 0.00282
Exploits: 0 | References: 8

NVD | added 3 days ago | 6 views

CVE-2025-36327

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security...

CVSS 6.5 | EPSS 0.00375
Exploits: 0 | References: 1

CVE | added 3 days ago | 9 views

CVE-2025-36327

CVE-2025-36327 affects IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. An authenticated user can bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. The issue is described as a failure of client-side controls to enforce s...

CVSS 6.5 | AI score 5.8 | EPSS 0.00375
Exploits: 0 | References: 1

Cvelist | added 3 days ago | 29 views

CVE-2025-36327 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security...

CVSS 6.5 | EPSS 0.00375
Exploits: 0 | References: 1

EUVD | added 3 days ago | 5 views

EUVD-2025-210378

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security...

CVSS 6.5 | AI score 5.8 | EPSS 0.00375
Exploits: 0 | References: 1

NVD | added 3 days ago | 8 views

CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to...

CVSS 6.5 | EPSS 0.00333
Exploits: 0 | References: 1

NVD | added 3 days ago | 7 views

CVE-2026-48285

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

CVSS 8.6 | EPSS 0.00439
Exploits: 0 | References: 1

Cvelist | added 3 days ago | 32 views

CVE-2026-48285 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

CVSS 8.6 | EPSS 0.00439
Exploits: 0 | References: 1

NVD | added 3 days ago | 6 views

CVE-2026-12388

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

CVSS 6.5 | EPSS 0.00233
Exploits: 0 | References: 2

RedhatCVE | added 3 days ago | 5 views

CVE-2026-12388

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

CVSS 6.5 | AI score 5.6 | EPSS 0.00233
Exploits: 0 | References: 3

Cvelist | added 3 days ago | 30 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

CVSS 4.3 | EPSS 0.00173
Exploits: 0 | References: 2

RedHat Linux | added 3 days ago | 4 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

CVSS 8.2 | AI score 5.9 | EPSS 0.0047
Exploits: 0 | References: 8

RedhatCVE | added 3 days ago | 8 views

CVE-2026-53537

A flaw was found in Python-Multipart. This vulnerability allows a remote attacker to bypass security controls by exploiting a difference in how Content-Disposition and Content-Type headers are parsed. Specifically, the parse_options_header function incorrectly applies RFC 2231/5987 decoding, which ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 4

RedhatCVE | added 3 days ago | 19 views

CVE-2026-53434

A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for an FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security...

CVSS 9.1 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 4

RedHat Linux | added 4 days ago | 4 views

gnutls: gnutls: Security bypass due to incorrect name constraint handling

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

CVSS 7.4 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 5