Lucene search
+L

12183 matches found

vulnrichment
vulnrichment
added 2026/07/03 8:35 p.m.7 views

CVE-2026-57983 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

8.7CVSS5.9AI score0.00463EPSS
Exploits0References1
osv
osv
added 2026/07/03 8:19 p.m.4 views

CVE-2026-26292 Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

9.8CVSS5.9AI score0.00482EPSS
Exploits0References6
mscve
mscve
added 2026/07/03 2:0 p.m.10 views

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

10CVSS5.9AI score0.00463EPSS
Exploits0
kaspersky
kaspersky
added 2026/07/03 12:0 a.m.8 views

KLA91127 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A remot...

6.5AI score
Exploits0References330
redhat
redhat
added 2026/07/02 3:43 p.m.3 views

libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References7
redhat
redhat
added 2026/07/02 12:3 a.m.5 views

next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack

A flaw was found in Next.js. A remote unauthenticated attacker could exploit a bypass in a security fix when using middleware.ts with Turbopack. This vulnerability could lead to the disclosure of sensitive information...

7.5CVSS5.9AI score0.00544EPSS
Exploits0References5
osv
osv
added 2026/07/01 8:35 p.m.5 views

GHSA-864G-863M-VCVQ Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent

Impact A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml or BundleDeployment.spec.options.namespaceLabels when applying them to the target namespace. An attacker with git push access to a...

8.8CVSS5.8AI score0.00508EPSS
Exploits0References2
redhat
redhat
added 2026/07/01 9:31 a.m.6 views

httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass

A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.18 views

PT-2026-54763

Name of the Vulnerable Software and Affected Versions Rancher Fleet affected versions not specified Description An authentication bypass exists in the webhook component. Additionally, a Pod Security Standard PSS bypass can be achieved through the manipulation of namespace labels. Recommendations ...

8.8CVSS5.7AI score0.00508EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.6 views

PT-2026-55215

Name of the Vulnerable Software and Affected Versions Repomix versions prior to 1.14.1 Description Repomix is vulnerable to argument injection via the --remote-branch CLI option. The application passes the value of the remoteBranch variable directly to git fetch and git checkout subprocesses with...

8.8CVSS6.3AI score0.00697EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/30 9:36 p.m.19 views

CVE-2026-54516

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...

5.3CVSS5.7AI score0.00282EPSS
Exploits0References8
nvd
nvd
added 2026/06/30 9:16 p.m.10 views

CVE-2025-36327

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 8:17 p.m.8 views

EUVD-2025-210378

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1
cve
cve
added 2026/06/30 8:17 p.m.19 views

CVE-2025-36327

CVE-2025-36327 affects IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. An authenticated user can bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. The issue is described as a failure of client-side controls to enforce s...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/30 8:17 p.m.36 views

CVE-2025-36327 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
nvd
nvd
added 2026/06/30 4:16 p.m.10 views

CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to...

6.5CVSS0.00333EPSS
Exploits0References1
nvd
nvd
added 2026/06/30 4:16 p.m.9 views

CVE-2026-48285

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS0.00439EPSS
Exploits0References1
osv
osv
added 2026/06/30 3:54 p.m.3 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS5.9AI score0.00412EPSS
Exploits0References7
cvelist
cvelist
added 2026/06/30 3:12 p.m.45 views

CVE-2026-48285 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS0.00439EPSS
Exploits0References1
nvd
nvd
added 2026/06/30 1:17 p.m.13 views

CVE-2026-12388

A flaw was found in the Identity Provider IdP mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5CVSS0.00233EPSS
Exploits0References2
Rows per page
Query Builder