Lucene search
+L

17278 matches found

CVE
CVE
added yesterday11 views

CVE-2026-53727

Summary: Multiple sources confirm a vulnerability in css_parser prior to 3.0.0 where CssParser::Parser#read_remote_file, Parser#load_uri!, and Parser#add_block! follow HTTP(S) redirects and even service file:// URIs without proper host/scheme filtering, enabling SSRF to internal hosts and potenti...

8.9CVSS5.5AI score
Exploits0References4
CVE
CVE
added yesterday21 views

CVE-2026-47184

CVE-2026-47184 affects the python-zeroconf project. DNSCache._async_add can insert every response record into cache, expirations, expire_heap, and service_cache without a cap, enabling unauthenticated LAN hosts on UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique nam...

6.5CVSS5.2AI score0.00023EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added yesterday5 views

SUSE CVE-2024-10006

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...

5.8CVSS7.1AI score0.00473EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-35146

The CVE-2026-35146 record concerns HCL DFXServer and describes an Unencrypted Communication vulnerability. The issue allows connections over unencrypted HTTP channels, enabling a remote attacker to intercept traffic and access sensitive data transmitted between the user and the server. The provid...

6.3CVSS6.1AI score0.00116EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago67 views

WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection

WordPress Visitor Statistics Real Time Traffic plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. id: CVE-2021-247...

8.8CVSS7AI score0.38298EPSS
Exploits5References5
NVD
NVD
added 3 days ago6 views

CVE-2026-56743

Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom...

5.4CVSS0.00158EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-56742

Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant...

8.9CVSS0.002EPSS
Exploits0References8
NVD
NVD
added 3 days ago5 views

CVE-2026-49445

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...

9.2CVSS0.0017EPSS
Exploits0References6
NVD
NVD
added 3 days ago5 views

CVE-2026-40955

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

3.7CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-40954

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

3.7CVSS0.00201EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44788

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS6.1AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-40955 Integer underflow vulnerability in Secure Access clients

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-40955

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

3.7CVSS6.1AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-40955

CVE-2026-40955 describes an integer underflow in the traffic parsing function of Secure Access clients prior to 14.55. The vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to cause a non-persistent Denial of Service against their client. Affecte...

3.7CVSS6.1AI score0.00201EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44787

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS6.1AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-40954

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

3.7CVSS6.1AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-40954

The CVE-2026-40954 entry describes an integer underflow in the traffic parsing function of Secure Access clients prior to 14.55. The vulnerability can be exploited by attackers with intimate knowledge of and total control over the tunnel protocol to cause a non-persistent DoS against their client...

3.7CVSS6.1AI score0.00201EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-56743 Cilium may unexpectedly allow ingress traffic from the local namespace when a Kubernetes NetworkPolicy is configured with an ipBlock match

Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom...

5.4CVSS0.00158EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago6 views

nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling

A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

9.8CVSS6.6AI score0.00405EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 3 days ago5 views

undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

8.8CVSS6.6AI score0.00358EPSS
Exploits0References6
Rows per page
Query Builder