Lucene search
K

28228 matches found

CVE
CVE
added 2026/06/22 9:4 p.m.10 views

CVE-2026-56266

CVE-2026-56266 affects Crawl4AI prior to 0.8.7. The vulnerability is a server-side request forgery in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user‑supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6‑mappe...

9.2CVSS6AI score0.00276EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/22 9:4 p.m.5 views

EUVD-2026-38366

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2CVSS6AI score0.00276EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.9 views

openstack-keystone: OpenStack Keystone: Unauthorized access and privilege escalation via AWS signature validation flaw

A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS Amazon Web Services signature to the /v3/ec2tokens ...

7.5CVSS5.8AI score0.00196EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS0.00111EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 5:25 p.m.3 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc

Summary SPSS Collaboration and Deployment Services is affected by Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-3505 DESCRIPTION: Allocation of resources without limits o...

8.7CVSS5.7AI score0.00758EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/22 5:18 p.m.30 views

CVE-2026-54288 Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:18 p.m.21 views

CVE-2026-54288

The CVE-2026-54288 issue affects the Hono Web framework prior to version 4.12.25, where the Body Limit Middleware trusts the request Content-Length header. On AWS Lambda environments (API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge), the body is fully buffered and the adapter builds the requ...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:13 p.m.32 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:13 p.m.4 views

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/22 4:16 p.m.7 views

CVE-2026-10845

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...

7.3CVSS0.00337EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:43 p.m.21 views

CVE-2026-12249

Canonical ADSys upstream versions up to v0.16.2 expose a flaw in AD CS auto-enrollment where the vendored Samba client uses plaintext HTTP (GETCACert) to fetch the CA certificate, enabling a network attacker in a MITM position to supply an attacker-controlled Root CA. This leads to automatic enro...

9.5CVSS6AI score0.00111EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:43 p.m.4 views

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS6AI score0.00111EPSS
Exploits0References3Affected Software5
Cvelist
Cvelist
added 2026/06/22 3:43 p.m.30 views

CVE-2026-12249 Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:43 p.m.7 views

EUVD-2026-38297

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS6AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:21 p.m.9 views

EUVD-2026-38266

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.8 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.11471EPSS
Exploits8References12
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.10 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.11471EPSS
Exploits9References15
Cvelist
Cvelist
added 2026/06/22 2:43 p.m.42 views

CVE-2026-10845 IBM WebSphere Application Server is affected by an authentication bypass vulnerability

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...

0.00337EPSS
Exploits0References1
Rows per page
Query Builder