54 matches found

Tenable Nessus, added 6 days ago

libcurl 7.12.0 < 8.21.0 Cross-Proxy Digest Auth State Leak

The version of libcurl installed on the remote host is 7.12.0 or later but prior to 8.21.0. It is, therefore, affected by a proxy credential disclosure vulnerability: when reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy...

AI score 5.8 | Exploits 0 | References 2
Cvelist, added 2026/06/23 5:19 p.m.

CVE-2026-49406 Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (`nodeModulesDir: "manual"`), the module resolver did not validate that a package's resolved entrypoint stayed within its own directory under `node_modules/`. A malicious `package.json` whose `main` field...

CVSS 5.5 | EPSS 0.00135 | Exploits 1 | References 1
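The containment check this entry says was missing, as an added Go example that is not Deno's resolver: an unchecked resolve beside one that verifies the joined entrypoint is still under the package's directory in `node_modules/`. The project layout, package names and `main` values are constructed for the example.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// resolveUnchecked mirrors the vulnerable behaviour: it joins main onto the
// package directory and trusts the result. filepath.Join cleans the path, so
// a main of "../../../../etc/passwd" climbs out of node_modules entirely and
// the runtime would read a file --allow-read never covered.
func resolveUnchecked(nodeModulesDir, pkg, main string) string {
	return filepath.Join(nodeModulesDir, pkg, main)
}

// resolveContained does the same join but rejects any entrypoint whose
// cleaned path is not inside node_modules/<pkg>/. filepath.Rel yields a path
// starting with ".." when the target lies outside the base, which also
// catches sibling directories that merely share a prefix (node_modules/foo-x).
func resolveContained(nodeModulesDir, pkg, main string) (string, error) {
	pkgDir := filepath.Join(nodeModulesDir, pkg)
	entry := filepath.Join(pkgDir, main)
	rel, err := filepath.Rel(pkgDir, entry)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("package %q: main %q resolves outside %s", pkg, main, pkgDir)
	}
	return entry, nil
}

func main() {
	const nm = "/srv/app/node_modules" // constructed project layout for the example
	fmt.Println(resolveUnchecked(nm, "evil-pkg", "../../../../etc/passwd"))
	fmt.Println(resolveContained(nm, "evil-pkg", "../../../../etc/passwd"))
	fmt.Println(resolveContained(nm, "good-pkg", "lib/index.js"))
}
```

The check runs on the cleaned path, so `./lib/../index.js` is accepted (it stays inside the package) while anything that leaves the package directory, by `..` or by naming a sibling, is refused before any file is read.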
Debian CVE, added 2026/06/23 3:05 p.m.

CVE-2026-55767

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, `CookieJar` incorrectly accepts cookies with a dot-only `Domain` attribute and whitespace-padded variants. `SetCookie::matchesDomain` removes leading dots from the cookie domain, normalizing dot-only values to the empty string; `SetCookie::valida`...

CVSS 5.8 | AI score 5.9 | EPSS 0.00111 | Exploits 0
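The normalize-then-match ordering this entry describes, as an added Go example that is not Guzzle's code: a lenient matcher that strips leading dots and treats the empty result as "match everything", beside a strict one that validates the `Domain` attribute first, both driven over a constructed cookie jar. That the lenient path also trims surrounding whitespace is an assumption made here to cover the "whitespace-padded variants" the entry mentions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// matchesDomainLenient reproduces the matching the entry describes: the
// cookie's Domain is lower-cased, surrounding whitespace and leading dots are
// stripped, and an empty result is treated as "no restriction". A Domain of
// "." or " . " therefore matches every host the client talks to.
func matchesDomainLenient(cookieDomain, host string) bool {
	d := strings.TrimLeft(strings.ToLower(strings.TrimSpace(cookieDomain)), ".")
	if d == "" || strings.EqualFold(host, d) {
		return true
	}
	if net.ParseIP(host) != nil {
		return false // an IP host only ever matches exactly
	}
	return strings.HasSuffix(strings.ToLower(host), "."+d)
}

// normalizeCookieDomain is the validation step the lenient path lacks. It
// ignores exactly one leading dot (RFC 6265 section 5.2.3) and rejects
// anything that is empty or not a plain host afterwards, so the empty string
// can never reach the suffix match.
func normalizeCookieDomain(cookieDomain string) (string, bool) {
	d := strings.TrimPrefix(strings.ToLower(cookieDomain), ".")
	if d == "" || strings.TrimSpace(d) != d || strings.HasPrefix(d, ".") || strings.Contains(d, "..") {
		return "", false
	}
	return d, true
}

// matchesDomainStrict validates first and matches second; a cookie whose
// Domain fails validation matches nothing.
func matchesDomainStrict(cookieDomain, host string) bool {
	d, ok := normalizeCookieDomain(cookieDomain)
	if !ok {
		return false
	}
	host = strings.ToLower(host)
	if host == d {
		return true
	}
	if net.ParseIP(host) != nil {
		return false
	}
	return strings.HasSuffix(host, "."+d)
}

type cookie struct{ Name, Domain string }

// cookiesFor returns the names of the jar's cookies that match would attach
// to a request for host.
func cookiesFor(jar []cookie, host string, match func(cookieDomain, host string) bool) []string {
	var names []string
	for _, c := range jar {
		if match(c.Domain, host) {
			names = append(names, c.Name)
		}
	}
	return names
}

// exampleJar is constructed for the example: two malformed cookies a hostile
// site could set, one well-formed domain cookie and one host-only IP cookie.
var exampleJar = []cookie{
	{"sess", "."}, {"pad", " . "}, {"legit", ".example.com"}, {"ipc", "10.0.0.1"},
}

func main() {
	for _, host := range []string{"bank.example", "www.example.com", "10.0.0.1"} {
		fmt.Printf("%-16s lenient=%v strict=%v\n", host,
			cookiesFor(exampleJar, host, matchesDomainLenient),
			cookiesFor(exampleJar, host, matchesDomainStrict))
	}
}
```

The practical impact of the lenient path is cookie injection across sites: a cookie accepted from one origin with `Domain=.` is attached to every later request the same jar serves, including ones to unrelated hosts.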
NVD, added 2026/06/22 7:17 p.m.

CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient: they ran on POST requests but not on PUT/PATCH/DELETE requests, so they could be bypassed there. This is a low severity vulnerability because modern browser protections such as CORS preflight,...

CVSS 3.1 | EPSS 0.00106 | Exploits 0 | References 1
EUVD, added 2026/06/22 5:39 p.m.

EUVD-2026-38338

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient: they ran on POST requests but not on PUT/PATCH/DELETE requests, so they could be bypassed there. This is a low severity vulnerability because modern browser protections such as CORS preflight,...

CVSS 3.1 | AI score 5.9 | EPSS 0.00106 | Exploits 0 | References 1
CVE, added 2026/06/22 5:39 p.m.

CVE-2026-53663

React Router (v7 Framework Mode) is affected in versions 7.12.0–7.15.0 where CSRF checks run on POST but not on PUT/PATCH/DELETE; this could enable cross-origin state changes. The issue is considered low severity due to browser protections (CORS preflight, SameSite cookies). It has been fixed in ...

CVSS 3.1 | AI score 5.9 | EPSS 0.00106 | Exploits 0 | References 1
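The method-gated CSRF check the three React Router entries above describe, as an added Go example that is not React Router's code: the same origin check gated once on POST alone and once on every state-changing method, driven with synthetic in-memory requests (no server is started). The application host `app.example` and the attacker origin are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// The set of methods the guard gates is the whole difference between the
// bypassable check (postOnly) and the fixed one (allUnsafe).
var (
	postOnly  = map[string]bool{"POST": true}
	allUnsafe = map[string]bool{"POST": true, "PUT": true, "PATCH": true, "DELETE": true}
)

// sameOrigin reports whether the browser-supplied origin information agrees
// with the host the request reached. Browsers send Origin on every cross-site
// non-GET request, so a request carrying neither Origin nor Referer nor a
// cross-site Sec-Fetch-Site is treated as coming from a non-browser client.
func sameOrigin(r *http.Request) bool {
	if r.Header.Get("Sec-Fetch-Site") == "cross-site" {
		return false
	}
	origin := r.Header.Get("Origin")
	if origin == "" {
		origin = r.Header.Get("Referer")
	}
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil {
		return false
	}
	return strings.EqualFold(u.Host, r.Host)
}

// csrfGuard rejects requests whose method is in gated and whose origin cannot
// be verified; everything else is passed to the application handler.
func csrfGuard(next http.Handler, gated map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if gated[r.Method] && !sameOrigin(r) {
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor drives a guard with a synthetic request (constructed for the
// example; nothing touches the network) and returns the status it produced.
func statusFor(gated map[string]bool, method, origin string) int {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "%s applied to %s", r.Method, r.URL.Path)
	})
	req := httptest.NewRequest(method, "https://app.example/api/items/1", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	csrfGuard(app, gated).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, m := range []string{"POST", "PUT", "PATCH", "DELETE"} {
		fmt.Printf("%-6s cross-origin: post-only guard %d, all-methods guard %d\n", m,
			statusFor(postOnly, m, "https://attacker.example"),
			statusFor(allUnsafe, m, "https://attacker.example"))
	}
}
```

With the POST-only gate a cross-origin PUT, PATCH or DELETE reaches the application with status 200; gating every non-safe method closes that path, while GET and same-origin requests are unaffected.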
Vulnrichment, added 2026/06/15 8:19 p.m.

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine versions <= 6.7.12...

CVSS 9.8 | AI score 5.3 | EPSS 0.00383 | Exploits 0 | References 1
Patchstack, added 2026/06/04 1:26 p.m.

WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress plugin WP Travel Engine versions <= 6.7.12...

CVSS 9.8 | AI score 5.5 | EPSS 0.00383 | Exploits 0 | Affected software 1
RedhatCVE, added 2026/02/16 3:18 p.m.

CVE-2025-71222

A flaw was found in the Linux kernel's wifi: wlcore component. A local attacker with low privileges could trigger a condition where the skb (socket buffer) has insufficient headroom before an `skb_push` operation within the `wl1271_tx_work` function. This could lead to an `skb_under_panic` kernel panic,...

CVSS 5.5 | AI score 5.7 | EPSS 0.00128 | Exploits 0 | References 4
RedHat Linux, added 2026/02/09 1:32 a.m.

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

CVSS 9.8 | AI score 5.7 | EPSS 0.0575 | Exploits 0 | References 4
OSV, added 2026/02/06 10:34 p.m.

GHSA-4JQP-9QJV-57M2 Keylime Missing Authentication for Critical Function and Improper Authentication

Impact: The Keylime registrar does not enforce mutual TLS (mTLS) client certificate authentication since version 7.12.0. The registrar's TLS context is configured with `ssl.CERT_OPTIONAL` instead of `ssl.CERT_REQUIRED`, allowing any client to connect to protected API endpoints without presenting a valid...

CVSS 9.4 | AI score 5.6 | EPSS 0.0575 | Exploits 0 | References 9
OSV, added 2026/02/06 8:16 p.m.

PYSEC-2026-74

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

CVSS 9.8 | AI score 5.8 | EPSS 0.0575 | Exploits 0 | References 6
OSV, added 2026/02/06 8:16 p.m.

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

CVSS 9.8 | AI score 5.7 | EPSS 0.0575 | Exploits 0 | References 5
Positive Technologies, added 2026/02/06 12:00 a.m.

PT-2026-6781

Name of the vulnerable software and affected versions: Keylime versions 7.12.0 and later. Description: A flaw exists in Keylime where the registrar does not enforce client-side Transport Layer Security (TLS) authentication. This allows unauthenticated clients with network access to perform...

CVSS 9.8 | AI score 5.4 | EPSS 0.0575 | Exploits 0 | References 44
CNNVD, added 2026/02/06 12:00 a.m.

Keylime Security Vulnerability

Keylime is an open-source scalable trust system built on TPM technology. Keylime versions 7.12.0 and later contain a security vulnerability that stems from the lack of enforcement of client-side TLS authentication, which may allow unverified clients to execute...

CVSS 9.8 | AI score 5.9 | EPSS 0.0575 | Exploits 0 | References 2
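The registrar misconfiguration the Keylime entries above describe (`ssl.CERT_OPTIONAL` where `ssl.CERT_REQUIRED` was intended), reproduced as an added Go example that is not Keylime's code. Go's `tls.VerifyClientCertIfGiven` is the counterpart of Python's `CERT_OPTIONAL` (verify a client certificate if one is offered, but accept its absence) and `tls.RequireAndVerifyClientCert` of `CERT_REQUIRED`. The throwaway CA, the "registrar" server certificate and the "agent" client certificate are generated in-process on loopback and are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert generates a P-256 key and issues a certificate for it from tmpl;
// with parent == nil the result is self-signed (the throwaway CA).
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// template is a one-hour certificate template; leaves carry 127.0.0.1 as SAN.
func template(cn string, isCA bool, eku x509.ExtKeyUsage) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	t := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if isCA {
		t.IsCA, t.KeyUsage = true, t.KeyUsage|x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage, t.IPAddresses = []x509.ExtKeyUsage{eku}, []net.IP{net.IPv4(127, 0, 0, 1)}
	}
	return t
}

// handshakeAccepted stands up a loopback "registrar" listener with the given
// client-auth policy, connects once as an "agent" (with or without a client
// certificate) and reports whether the server side completed the handshake.
func handshakeAccepted(policy tls.ClientAuthType, presentClientCert bool) (bool, error) {
	ca, caKey, err := newCert(template("example-ca", true, 0), nil, nil)
	if err != nil {
		return false, err
	}
	srv, srvKey, err := newCert(template("registrar", false, x509.ExtKeyUsageServerAuth), ca, caKey)
	if err != nil {
		return false, err
	}
	cli, cliKey, err := newCert(template("agent", false, x509.ExtKeyUsageClientAuth), ca, caKey)
	if err != nil {
		return false, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	// ClientAuth is the whole difference between the vulnerable and fixed server.
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientAuth:   policy,
		ClientCAs:    pool,
	})
	if err != nil {
		return false, err
	}
	defer ln.Close()
	serverDone := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			serverDone <- err
			return
		}
		defer c.Close()
		serverDone <- c.(*tls.Conn).Handshake()
	}()
	cfg := &tls.Config{RootCAs: pool}
	if presentClientCert {
		cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return false, nil // refused before the client finished its handshake
	}
	conn.Close()
	return <-serverDone == nil, nil
}

func main() {
	weak, _ := handshakeAccepted(tls.VerifyClientCertIfGiven, false)     // CERT_OPTIONAL-style
	fixed, _ := handshakeAccepted(tls.RequireAndVerifyClientCert, false) // CERT_REQUIRED-style
	fmt.Printf("anonymous client accepted: optional=%v required=%v\n", weak, fixed)
}
```

With the optional policy the server completes the handshake for a client that presents nothing, and `ConnectionState().PeerCertificates` on that connection is empty; every endpoint that relied on the TLS layer to establish who the caller is then runs unauthenticated. The fix is the policy setting itself; an application-level check that a peer certificate is present is defence in depth, not a substitute.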
Tenable Nessus, added 2026/01/16 12:00 a.m.

MiracleLinux 7 : qemu-kvm-1.5.3-126.el7 (AXSA:2016-1109:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1109:04 advisory. qemu-kvm is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu-kvm acts as a virtual machine monitor together...

CVSS 5.5 | AI score 6.7 | EPSS 0.00513 | Exploits 0 | References 3
CNNVD, added 2025/11/06 12:00 a.m.

SuiteCRM Security Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 7.12.6 that stems from a type confusion when handling the `module` parameter in the `deleteAttachment` function, which could allow an unauthenticated, remote...

CVSS 8.8 | AI score 6.6 | EPSS 0.00324 | Exploits 0 | References 3
Positive Technologies, added 2025/10/27 12:00 a.m.

PT-2025-43800

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio Marquee Addons for Elementor (marquee-addons-for-elementor) allows DOM-Based XSS. This issue affects Marquee Addons for Elementor: from n/a through <= 3.7.12...

CVSS 6.1 | AI score 6.4 | EPSS 0.00186 | Exploits 0 | References 2
EUVD, added 2025/10/21 8:03 p.m.

EUVD-2025-35236

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 8.2 | AI score 6 | EPSS 0.00187 | Exploits 0 | References 1
OSV, added 2025/10/01 8:18 p.m.

UBUNTU-CVE-2025-59147

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers with...

CVSS 7.5 | AI score 5.8 | EPSS 0.00344 | Exploits 0 | References 8