Lucene search
+L

34362 matches found

cve
cve
added yesterday9 views

CVE-2026-55652

Wekan prior to v9.46 is vulnerable to a header-login bypass: the server trusts X-Forwarded-For via HEADER_LOGIN_TRUSTED_IPS in getRequestIp(), allowing unauthenticated users to request a login for any username and obtain a meteor_login_token (including admin), enabling full account takeover. The ...

9.8CVSS6.1AI score
Exploits0References3
cve
cve
added yesterday32 views

CVE-2026-49353

Summary (CVE-2026-49353): 9Router before 0.4.46 has a local‑only access gate in src/dashboardGuard.js that relies on Host and Origin headers to classify requests as local. In proxied/tunneled deployments (reverse proxy, Cloudflare Tunnel, Tailscale), these headers are attacker‑controlled, enablin...

7.5CVSS6.1AI score0.00058EPSS
Exploits0References4
cvelist
cvelist
added yesterday20 views

CVE-2026-12382 Aap-gateway: missing requestheaderstoremove allows mtls bypass via subject header spoofing

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS
Exploits0References3
cve
cve
added yesterday8 views

CVE-2026-12382

The CVE-2026-12382 issue affects the AAP Gateway Envoy proxy. The non-mTLS route to EDA event streams fails to remove the Subject header despite requestHeadersToRemove, allowing an unauthenticated attacker to spoof a Subject header that matches a legitimate client certificate DN and bypass mTLS t...

8.2CVSS6.2AI score
Exploits0References3
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-12382 Aap-gateway: missing requestheaderstoremove allows mtls bypass via subject header spoofing

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS6.2AI score
Exploits0References3
cvelist
cvelist
added yesterday20 views

CVE-2026-45150 Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS0.00027EPSS
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44703

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS6.1AI score0.00027EPSS
Exploits0References1
cve
cve
added yesterday5 views

CVE-2026-45150

Zen Browser is a Firefox-based browser. The CVE-2026-45150 issue affects Zen prior to version 1.19.13b, where there was no persistent, clearly visible security notification when a page entered fullscreen. This could allow an attacker-controlled page to hide the real browser UI and origin informat...

6.3CVSS6.1AI score0.00027EPSS
Exploits0References1
nvd
nvd
added yesterday8 views

CVE-2026-61435

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS
Exploits0References4
cvelist
cvelist
added yesterday17 views

CVE-2026-61435 PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS
Exploits0References4
redhatcve
redhatcve
added yesterday5 views

CVE-2026-47737

A flaw was found in Puma, a Ruby/Rack web server. When setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used, Puma incorrectly re-parses PROXY protocol headers after each keep-alive request on the same connection. This allows a remote attacker to inject a second PROXY...

7.5CVSS6.1AI score0.00177EPSS
Exploits0References10
nvd
nvd
added yesterday7 views

CVE-2026-12281

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

8.1CVSS0.00149EPSS
Exploits0References1
cve
cve
added yesterday13 views

CVE-2026-12281

The vulnerability CVE-2026-12281 affects the Shibboleth WordPress plugin before 2.5.4. When HTTP header identity mode is enabled without an anti-spoofing key, the plugin does not fail closed and treats any request carrying identity headers as authenticated without verification. This allows an una...

8.1CVSS6.1AI score0.00149EPSS
Exploits0References1
attackerkb
attackerkb
added yesterday3 views

CVE-2026-12281

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

8.1CVSS6.1AI score0.00149EPSS
Exploits0References1
cvelist
cvelist
added yesterday21 views

CVE-2026-12281 Shibboleth < 2.5.4 - Unauthenticated Administrator Account Creation via Identity Header Spoofing

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

0.00149EPSS
Exploits0References1
nuclei
nuclei
added yesterday9 views

Service Finder Bookings - Authentication Bypass

Service Finder Bookings WordPress plugin = 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...

9.8CVSS7.1AI score0.04469EPSS
Exploits2References4
nvd
nvd
added yesterday8 views

CVE-2026-13385

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS0.00103EPSS
Exploits0References1
talosblog
talosblog
added 2 days ago5 views

Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for July 2026, which includes 622 vulnerabilities affecting a range of products, including 57 that Microsoft marked as "critical." Microsoft notes that two of the vulnerabilities disclosed this month have been exploited in the wild. CVE-2026-5615...

9.9CVSS7.6AI score0.1972EPSS
Exploits1
nvd
nvd
added 2 days ago8 views

CVE-2026-50659

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network...

6.5CVSS0.00415EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-48760

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse rejected raw BiDi formatting characters but not percent-encoded forms and used an ASCII-only whitespace check, allowing sanitized URLs...

6.1CVSS0.00412EPSS
Exploits0References5
Rows per page
Query Builder