Lucene search
+L

390265 matches found

EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-45278

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the applytweaks function...

8.8CVSS5.3AI score
Exploits0References2
NVD
NVD
added 1 hour ago5 views

CVE-2026-54497

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base instances retain render-scoped objects across calls to renderin; if the same component, collection, or spacer component instance is reused...

6.8CVSS
Exploits0References3
NVD
NVD
added 1 hour ago4 views

CVE-2026-52203

An issue in MCMS v.6.1.1 allows a remote attacker to obtain sensitive information via the source parameter...

Exploits0References1
NVD
NVD
added 1 hour ago3 views

CVE-2026-44891

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS
Exploits0References7
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-54497 view_component: Reused Component Instances Retain Stale Render Context

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base instances retain render-scoped objects across calls to renderin; if the same component, collection, or spacer component instance is reused...

6.8CVSS
Exploits0References3
CVE
CVE
added 2 hours ago9 views

CVE-2026-54497

CVE-2026-54497 (ViewComponent, Ruby on Rails) : Affected through ViewComponent::Base from 4.0.0 to 4.11.x where render_in can retain render-scoped objects across invocations. Reusing the same component instance (or collection/spacer) across requests/threads can cause stale request context, helper...

6.8CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-45332

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base instances retain render-scoped objects across calls to renderin; if the same component, collection, or spacer component instance is reused...

6.8CVSS
Exploits0References3
GithubExploit
GithubExploit
added 2 hours ago1 views

Exploit for CVE-2026-63030

wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...

7.5CVSS
Exploits1
NVD
NVD
added 2 hours ago3 views

CVE-2026-8056

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the applytweaks function...

8.8CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-60137

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

9.1CVSS
Exploits0References2
NVD
NVD
added 2 hours ago2 views

CVE-2026-49284

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login when unsigned Response/InResponseTo is combined with a signed assertion lacking...

7.1CVSS
Exploits0References3
NVD
NVD
added 2 hours ago3 views

CVE-2026-44974

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-44891 Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS
Exploits0References7
CVE
CVE
added 2 hours ago37 views

CVE-2026-44891

CVE-2026-44891 affects Netty’s StompSubframeDecoder. Prior to 4.1.136.Final and 4.2.16.Final, StompSubframeDecoder does not cap total headers or cumulative size per frame; maxLineLength only bounds individual header lines. An attacker can submit many small headers that accumulate in DefaultStompH...

7.5CVSS5.3AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-45316

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2 hours ago2 views

CVE-2026-44974

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2 hours ago38 views

CVE-2026-44974

CVE-2026-44974 affects the @hapi/content header parser. Before v6.0.2, Content.disposition() kept the last value for duplicate parameters while Content.type() kept the first for duplicate charset/boundary parameters, creating a parameter-smuggling primitive when duplicates are resolved inconsiste...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-44974 Parameter smuggling in @hapi/content header parser allows upload-filter bypass via duplicate parameters

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
EUVD
EUVD
added 2 hours ago1 views

EUVD-2026-45313

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2 hours ago5 views

Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml

Sean's Surf & Skate Co. — Seal Security Demo Maven / Java A...

9.8CVSS7.8AI score0.99615EPSS
Exploits10
Rows per page
Query Builder