Lucene search
K

2573 matches found

NVD
NVD
added yesterday5 views

CVE-2026-31985

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS0.00121EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42535

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS6AI score0.00121EPSS
Exploits0References1
CVE
CVE
added 3 days ago37 views

CVE-2026-46354

Summary: A PKCS#7 signature bypass in Coder (Coder v2 before patches) allows unauthenticated token theft via Azure instance identity. The issue stems from azureidentity.Validate() validating only the signer certificate chain, not the signature itself, enabling forged PKCS#7 envelopes containing a...

9.1CVSS6.1AI score0.0026EPSS
Exploits0References8Affected Software1
Nuclei
Nuclei
added 3 days ago122 views

Langflow AI <= 1.6.9 - CORS Misconfiguration

Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that allows any origin to make credentialed requests. Combined with SameSite=None cookies, this enables cross-origin token theft and subsequent remote code execution via the /api/v1/validate/code endpoint. id:...

9.4CVSS8AI score0.7889EPSS
Exploits3References3
NVD
NVD
added 3 days ago8 views

CVE-2026-34198

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS0.00139EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41984

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
CVE
CVE
added 3 days ago10 views

CVE-2026-34198

CVE-2026-34198 concerns Coolify prior to 4.0.0-beta.471. The vulnerability stems from TrustProxies trusting all proxies and accepting X-Forwarded-Host from any source, combined with a circular dependency in TrustHosts that prevents host validation. As a result, when a password reset is requested,...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:15 a.m.9 views

CVE-2026-13323

A flaw was found in Open VSX Registry. The /vscode/unpkg/ endpoint serves user-supplied HTML files with a Content-Type of text/html without Content-Security-Policy or Content-Disposition: attachment response headers. An attacker with a registered publisher account can upload a VSIX containing a...

8.7CVSS5.6AI score0.0019EPSS
Exploits1References5
NVD
NVD
added 2026/07/01 12:16 p.m.6 views

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

8.7CVSS0.0019EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.5 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:23 p.m.6 views

CVE-2026-47775

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 5:23 p.m.21 views

CVE-2026-47775

Envoy OAuth2 filter vulnerability (CVE-2026-47775): prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the encrypt()/decrypt() path uses AES-256-CBC without an authentication tag (no HMAC/AEAD), enabling a padding oracle via the /callback endpoint. An attacker with the encrypted CodeVerifier ...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 5:23 p.m.35 views

CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS0.00219EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5737 Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri in github.com/authorizerdev/authorizer

Authorizer: Password reset token theft and full auth token redirect via unvalidated redirecturi in github.com/authorizerdev/authorizer...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5196 Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder

Coder: PKCS7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder...

9.1CVSS5.8AI score0.0026EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 p.m.7 views

CVE-2026-54030

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata RFC 9728 matches the configured MCP server URL, allowing a malicious MCP server to...

9.3CVSS0.00113EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:7 p.m.12 views

CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 4:7 p.m.15 views

CVE-2026-55412

ToolJet (open-source platform) Vulnerability: SSRF in the RestAPI data source component allows authenticated users to induce server-side HTTP requests that bypass its private IP filter via DNS trickery (169.254.169.254.nip.io), potentially stealing Azure managed identity tokens for the AKS produc...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:48 p.m.16 views

CVE-2026-54030

CVE-2026-54030 affects LibreChat (MCP OAuth flow). Before v0.8.5, the OAuth Protected Resource metadata’s resource parameter is not validated against the MCP server URL, enabling a malicious MCP server to steal access tokens intended for a legitimate server. Affected version range includes pre-0....

9.3CVSS5.9AI score0.00113EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder