Lucene search
K

10 matches found

CVE
CVE
added 2 days ago17 views

CVE-2026-8924

CVE-2026-8924 affects curl due to a flaw in its cookie parsing logic. A malicious HTTP server can set “super cookies” that bypass the Public Suffix List, allowing an attacker-controlled origin to inject cookies that curl scopes and transmits to unrelated third-party domains. The connected documen...

6AI score0.00219EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 8:58 p.m.37 views

CVE-2026-49869

Kestra OSS contains an unauthenticated RCE flaw in the AuthenticationFilter prior to versions 1.0.45 and 1.3.21. The whitelist uses a suffix check (request.getPath().endsWith("/configs")) to bypass Basic Auth, so any API path ending in configs bypasses authentication. An unauthenticated attacker ...

10CVSS6.4AI score0.00684EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2026/03/27 7:10 a.m.2 views

BIT-DISCOURSE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was allowlisted...

4.3CVSS5.9AI score0.00251EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33393

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 10:4 p.m.22 views

CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS0.00251EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 10:4 p.m.2 views

CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 10:4 p.m.3 views

EUVD-2026-13338

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.9 views

PT-2026-26425

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. The allowed spam host domains check utilized Stringend with?...

4.3CVSS5.9AI score0.00251EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/11 12:0 a.m.3 views

CVE-2025-67039

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username...

5.8AI score0.00386EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/10/08 12:0 a.m.6 views

PT-2020-15518 · Jenkins · Jenkins Audit Trail Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Audit Trail Plugin versions 3.6 and earlier Description: The default regular expression pattern in the Jenkins Audit Trail Plugin could be bypassed by adding a suffix to the URL that would be ignored during request handling. This issu...

5.3CVSS5.2AI score0.00952EPSS
Exploits0References7
Rows per page
Query Builder