Lucene search
K

358 matches found

Snyk
Snyk
added 2026/06/29 7:29 p.m.5 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 3:45 p.m.10 views

Malicious code in react-dynammic-table-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...

6.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security Update (Critical) (RHSA-2026:28377)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28377 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...

9.6CVSS6AI score0.0037EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 6:53 p.m.9 views

Critical: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.6CVSS5.9AI score0.0037EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:12 p.m.30 views

CVE-2026-44915

CVE-2026-44915 is an Open Redirect vulnerability in Apache APISIX related to the cas-auth plugin in its default configuration. The issue affects Apache APISIX versions 3.0.0 through 3.16.0 and could enable phishing and credential theft. Apache recommends upgrading to version 3.17.0, which contain...

6.1CVSS5.8AI score0.004EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 12:51 p.m.29 views

CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

5.9CVSS0.00208EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.3AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the practice of storing the pre-signed Backblaze B2 upload URL as plain text in the serial console. This could allow physically...

7.1CVSS5.4AI score0.00093EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 8:45 p.m.13 views

EUVD-2026-33055

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS5.9AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:25 a.m.41 views

CVE-2026-48999 Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.11 views

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/26 6:0 p.m.11 views

Cross-site Scripting (XSS)

Overview @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting XSS via the href attribute in anchor tags rendered from user-controlled content. An attacker can execute arbitrary JavaScript in the context...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:31 p.m.11 views

OESA-2026-2218 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.11 views

EZVIZ APP 安全漏洞

EZVIZ APP is a mobile application developed by EZVIZ, a Chinese company, for remote monitoring and management of smart security devices. The EZVIZ APP has a security vulnerability, which stems from the use of outdated cloud function modules and legacy API interfaces. This vulnerability may allow...

5.3CVSS5.8AI score0.00088EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/07 9:30 p.m.12 views

Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft

Summary parseAndValidateClientRedirect at internal/service/auth/auth.go:448 validates OAuth client-redirect URIs by comparing only scheme and host against the admin-configured allowlist. Path, query, and fragment are ignored. The initiator at /oauth/:provider/login embeds the caller-supplied...

5.9AI score
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Jupyter多款产品 跨站脚本漏洞

Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...

8.4CVSS5.8AI score0.00476EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Twenty 代码问题漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty 1.18.0 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the SSRF protection mechanism, which can be bypassed by IPv6 addresses mapped via IPv4. The Node.js URL parser standardizes IPv6...

8.3CVSS5.9AI score0.0024EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/26 12:0 a.m.23 views

Analysis of Personal Data Exposure in Thailand

In the digital era, personal data, particularly sensitive identifiers such as the Social Security Number and National Identification Number, have become a highly valuable asset, raising significant concerns regarding privacy and security. This study examines the risks associated with the online...

5.6AI score
Exploits0
ICS
ICS
added 2026/04/23 6:0 a.m.7 views

Yadea T5 Electric Bicycle

RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft. 2. RECOMMENDED PRACTICES CISA provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics...

7.3CVSS5.7AI score0.00275EPSS
Exploits0References10
Rows per page
Query Builder