Lucene search
K

784 matches found

Nuclei
Nuclei
added 8 hours ago44 views

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

8.6CVSS7AI score0.0122EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-54773 CoreWCF: WS-Security signature substitution via document-wide Signature lookup

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS0.00238EPSS
Exploits0References6
CVE
CVE
added 6 days ago19 views

CVE-2026-54773

CoreWCF WS-Security signature substitution vulnerability: prior to versions 1.8.1 and 1.9.1, WS-Security verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause attacker-supplied ds:Signature to b...

5.9CVSS6AI score0.00238EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-54590 AsyncSSH AuthorizedKeysFile username substitution bypass through ~ and environment expansion

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig.settokens that blocks /, , and .. before %u substitution in...

5.9CVSS0.00285EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42140

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS6AI score0.00336EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS0.00336EPSS
Exploits0References6
Amazon
Amazon
added 6 days ago3 views

Important: samba

Issue Overview: unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC services on the SAMR DCE/RPC service when running over NCACNIPTCP. Both services pass a...

9.8CVSS6.7AI score0.12797EPSS
Exploits9
OSV
OSV
added 2026/07/06 9:7 p.m.4 views

GHSA-V54H-CP2W-9X4G Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Summary coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Note: Practical exploitation requir...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/06 9:7 p.m.6 views

Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Summary coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Note: Practical exploitation requir...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/30 6:38 p.m.7 views

GHSA-F5MR-Q85P-6HH6 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage

Impact Three security vulnerabilities were identified in the OIDC Discovery client: 1. Blind Server-Side Request Forgery SSRF via Cross-Host Redirects: Fulcio uses an HTTP client to fetch OIDC discovery metadata /.well-known/openid-configuration. Prior to this fix, if a configured issuer returned...

8.7CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added 2026/06/30 6:33 p.m.16 views

EUVD-2026-31975

obanweb missing authorization check on save-job event handler...

5.3CVSS5.8AI score0.0041EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 1:12 p.m.8 views

CVE-2026-54370

A time-of-check to time-of-use TOCTOU race condition vulnerability was found in acl. By replacing a pathname component with a symbolic link between a security check and subsequent file operations, an attacker can redirect file access control list operations. This occurs when privileged processes...

7.2CVSS5.7AI score0.00091EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 11:6 a.m.3 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS6.3AI score0.02719EPSS
Exploits0References27
EUVD
EUVD
added 2026/06/25 2:39 p.m.5 views

EUVD-2026-39429

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

5.9CVSS5.9AI score0.00093EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/23 1:16 a.m.4 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS6AI score0.02501EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:7 a.m.5 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS6AI score0.02501EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:1 a.m.9 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS6AI score0.02501EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 12:46 a.m.11 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS6AI score0.02501EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51637

Name of the Vulnerable Software and Affected Versions Budibase server versions prior to 3.39.1 Description An issue exists where the enrichContext function substitutes parameter values into the raw JSON body of a query and then parses the result using JSON.parse. The validateQueryInputs function...

10CVSS5.9AI score0.00538EPSS
Exploits2References11
AlpineLinux
AlpineLinux
added 2026/06/22 1:18 p.m.6 views

CVE-2026-9029

A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...

7.3CVSS6AI score0.0025EPSS
Exploits0
Rows per page
Query Builder