Lucene search
K

2778 matches found

NVD
NVD
added 2026/06/30 9:16 a.m.11 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 8:5 a.m.30 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:5 a.m.9 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Curl 7.46.0 < 8.21.0 Trailing Dot Domain Super Cookie

The version of curl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. CVE-2026-8924 Note that...

9.1CVSS6AI score0.00649EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: Ensure that node page reads are completed before f2fsputsuper finishes. The Xfstests generic/335 and generic/336 tests sometimes crash with the following message: F2FS-fs dm-0: Detect a reference count leak in the filesyste...

5.5CVSS5.7AI score0.00159EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Quota: Fixed a livelock issue between quotactl and freezesuper. When a filesystem is frozen, quotactlblock enters a retry loop, waiting for the filesystem to thaw. It acquires sumount, checks the freeze state, releases sumount, a...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:0 a.m.5 views

CURL-CVE-2026-8924 trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS5.9AI score0.00649EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.6 views

trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS5.9AI score0.00649EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-51747

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...

9.1CVSS5.8AI score0.00649EPSS
Exploits1References29
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.28 views

CVE-2026-56251 Capgo - Privilege Escalation via Broken Row Level Security in org_users

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.14 views

CVE-2026-56251

Capgo before 12.128.2 contains a broken row-level security policy in the org_users table that can let authenticated users elevate privileges from admin to super_admin due to insufficient RLS enforcement, enabling unauthorized super_admin access and system compromise. The issue is documented with ...

7CVSS5.8AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.6 views

EUVD-2026-38168

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS5.8AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.14 views

PT-2026-51222

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A broken row level security RLS policy in the org users table allows authenticated users to elevate their privileges from admin to super admin. This insufficient RLS enforcement enables attackers to...

7CVSS5.9AI score0.00246EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/20 12:34 a.m.9 views

EUVD-2026-38094

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 10:16 p.m.18 views

CVE-2026-56080

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS0.00299EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/15 10:0 a.m.84 views

Exploit for CVE-2026-37071

CVE-2026-37071 Arbitrary File Rename Leading to Privilege Esca...

5.4AI score
Exploits0
OSV
OSV
added 2026/06/12 6:27 p.m.12 views

GHSA-9WCP-79G5-5C3C Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators

Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...

8.1CVSS5.4AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/12 6:27 p.m.41 views

Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators

Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...

5.3AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6356

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...

9.6CVSS5.5AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-10070

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.2AI score0.00218EPSS
Exploits0References1
Rows per page
Query Builder