Lucene search
+L

9800 matches found

nuclei
nuclei
added 7 hours ago9 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS6.1AI score0.34734EPSS
Exploits1References2
nvd
nvd
added yesterday5 views

CVE-2026-48795

AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user.proto.polluted and constructor.prototype still caused lodash .set via @poppinss/utils to create...

8.6CVSS0.00148EPSS
Exploits0References5
redhat
redhat
added yesterday4 views

undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintend...

3.7CVSS6.9AI score0.00248EPSS
Exploits0References6
cve
cve
added 2 days ago6 views

CVE-2026-15694

The CVE covers Tenda BE12 Pro (v16.03.66.23). A stack-based overflow exists in the SetIpBind function (fromSetIpBind) when processing the argument page of /goform/SetIpBind. This vulnerability can be triggered remotely, and public exploits are reported. The impact is consistent with a high-severi...

9CVSS7.5AI score0.00796EPSS
Exploits0References6
osv
osv
added 2 days ago3 views

ROOT-OS-UBUNTU-2404-CVE-2022-49940 CVE-2022-49940 in rootio-linux - Patched by Root

Root has patched CVE-2022-49940 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS7.6AI score0.0019EPSS
Exploits0
attackerkb
attackerkb
added 2 days ago4 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References2Affected Software1
cve
cve
added 2 days ago12 views

CVE-2026-15076

Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2 days ago6 views

EUVD-2026-43637

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago27 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS0.00157EPSS
Exploits0References1
osv
osv
added 2 days ago2 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References4
nvd
nvd
added 2 days ago11 views

CVE-2026-44770

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS0.00168EPSS
Exploits0References2
euvd
euvd
added 2 days ago4 views

EUVD-2026-43553

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References6
euvd
euvd
added 2 days ago7 views

EUVD-2026-43594

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS6.1AI score0.00168EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago29 views

CVE-2026-44770 Missing Authorization check in SAP S/4 HANA (Create Single Payment)

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS0.00168EPSS
Exploits0References2
nessus
nessus
added 2 days ago2 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:21313-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21313-1 advisory. Changes in python-Django: - CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response bsc1271029 - CVE-2026-53877: Heap...

6.3CVSS6.8AI score0.00375EPSS
Exploits0References9
nvd
nvd
added 3 days ago4 views

CVE-2026-15598

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS0.00313EPSS
Exploits0References5
redhat
redhat
added 3 days ago7 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS7AI score0.02719EPSS
Exploits0References4
cve
cve
added 3 days ago32 views

CVE-2026-13221

CVE-2026-13221 affects Perl versions through 5.43.9. When an alternation of more than 65,535 fixed-string branches is compiled into a trie in Perl_study_chunk, the 16‑bit delta between the first branch and the shared tail overflows. The trie’s match decision table is truncated with no warning, pr...

9.1CVSS6.1AI score0.00606EPSS
Exploits0References3Affected Software1
nvd
nvd
added 3 days ago7 views

CVE-2026-57801

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 2.1...

7.5CVSS0.00496EPSS
Exploits0References1
osv
osv
added 3 days ago2 views

SUSE-SU-2026:2878-1 Security update for libpng15

This update for libpng15 fixes the following issue - CVE-2026-25646: heap buffer overflow vulnerability in pngsetdither/pngsetquantize bsc1258020...

8.3CVSS6.2AI score0.00955EPSS
Exploits1References3
Rows per page
Query Builder