Lucene search
+L

329 matches found

CakePHP
CakePHP
added 6 days ago12 views

CakePHP 5.3.7 Released

CakePHP 5.3.7 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.5. This is a maintenance release for the 5.3 branch that fixes community reported issues and three security issues. Advisories will be published for the issues over the next week as...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.7 views

PT-2026-57370

Name of the Vulnerable Software and Affected Versions Excon versions prior to 1.5.0 Description The RedirectFollower middleware fails to strip sensitive headers when following redirects and lacks a mechanism to define a custom list of headers to be removed. This behavior can lead to the inadverte...

6.5CVSS5.2AI score0.00446EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/08 6:55 a.m.7 views

CVE-2026-46726

A flaw was found in the Apache Camel Vertx Websocket component. This vulnerability allows an unauthenticated remote attacker to inject malicious query parameters into a WebSocket connection. This can lead to Server-Side Request Forgery SSRF, where the server is coerced into making requests to...

8.2CVSS6AI score0.00536EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2665-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2665-1 advisory. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header...

10CVSS7.4AI score0.01557EPSS
Exploits1References44
SUSE Linux
SUSE Linux
added 2026/06/26 2:5 p.m.4 views

Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. CVE-2026-39827: Update...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References50
OSV
OSV
added 2026/06/26 2:5 p.m.2 views

SUSE-SU-2026:2665-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update...

10CVSS7.3AI score0.01557EPSS
Exploits1References26
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

SUSE SLES15 Security Update : google-osconfig-agent (SUSE-SU-2026:2611-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2611-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: Update google.golang.org/grpc dependency...

10CVSS6.6AI score0.01557EPSS
Exploits1References38
OSV
OSV
added 2026/06/24 9:0 a.m.2 views

SUSE-SU-2026:2611-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: Update google.golang.org/grpc dependency bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update...

10CVSS6.7AI score0.01557EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy's stripHTML template function cannot reliably remove all HTML tags from...

4.2CVSS6AI score0.00153EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 6:18 p.m.14 views

CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2CVSS0.00153EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 5:47 p.m.30 views

CVE-2026-52846

Summary: CVE-2026-52846 affects Caddy's stripHTML template function, which cannot reliably strip certain malformed HTML (e.g., <img src=x onerror=alert()>). This can bypass tag-stripping and may enable client-side XSS when untrusted strings are rendered as HTML. The issue originates in func...

4.2CVSS5.8AI score0.00153EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/23 1:27 p.m.5 views

SUSE-SU-2026:2584-1 Security update for exiv2

This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter bsc1189338. - CVE-2026-25884: out-of-bounds read in CrwMap: decode0x0805 bsc1259083. - CVE-2026-27596: integer overflow in LoaderNative: getData leads to out-of-bounds read bsc1259084. -...

8.1CVSS6.6AI score0.01104EPSS
Exploits1References9
SUSE Linux
SUSE Linux
added 2026/06/23 1:25 p.m.7 views

Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. CVE-2026-39829: Update golang.org/x/crypto dependency bsc1266171. CVE-2026-39830: Update...

9.1CVSS6.9AI score0.91969EPSS
Exploits4References74
Cvelist
Cvelist
added 2026/06/22 3:42 p.m.39 views

CVE-2026-50184 Angular: Request Credential & Cache Policy Stripping in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS0.0015EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 12:8 p.m.2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References22
Vulnrichment
Vulnrichment
added 2026/06/22 11:43 a.m.8 views

CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

9.4CVSS6AI score0.00362EPSS
Exploits0References16
CVE
CVE
added 2026/06/22 11:43 a.m.29 views

CVE-2026-56422

CVE-2026-56422 affects MISP core controllers and models where client-controlled fields (ids and ownership/scope keys such as event_id, org_id, user_id, sharing_group_id, galaxy_cluster_uuid, organisation_uuid, etc.) were not consistently stripped or revalidated, enabling an authenticated user to ...

9.4CVSS6AI score0.00362EPSS
Exploits0References16
OSV
OSV
added 2026/06/22 11:43 a.m.3 views

CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

9.4CVSS6.1AI score0.00362EPSS
Exploits0References19
Github Security Blog
Github Security Blog
added 2026/06/16 9:28 p.m.11 views

Caddy: stripHTML template function bypass

Summary Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous content in the output if it is later rendered as HTML. This may allow...

4.2CVSS5.4AI score0.00153EPSS
Exploits1References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.17 views

FreeBSD : caddy -- multiple vulnerabilities (94f93681-6775-11f1-8044-002590af0794)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 94f93681-6775-11f1-8044-002590af0794 advisory. Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory...

8.1CVSS6AI score0.00409EPSS
Exploits3References8
Rows per page
Query Builder