Lucene search
+L

649 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-48736

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATESUBNETS omitted IPv6 transition prefixes such as 6to4, NAT64, Teredo, and IPv4-compatible IPv6, allowi...

8.6CVSS0.00457EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS0.00282EPSS
Exploits0References3
CVE
CVE
added 6 days ago21 views

CVE-2026-55187

Mailpit contains an SSRF protection gap in Link Check API prior to v1.30.2. The internal IsInternalIP deny-list only blocks common IPv4 private/local addresses and CGNAT, and does not recognize several IPv6 forms that embed IPv4 destinations or IPv6 prefixes outside standard private ranges. Bypas...

5.8CVSS6.1AI score0.00282EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 7:16 p.m.1 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.5CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2026/07/07 7:16 p.m.12 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.5CVSS0.00208EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:31 p.m.6 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/07 5:31 p.m.6 views

CVE-2026-48955 Joomla! Core - [20260709] - Incorrect Access Control in com_workflow

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 5:31 p.m.6 views

EUVD-2026-42066

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56228

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check allows unauthorized users to access workflow stage and transition information within the com workflow component. Recommendations At the moment, there is no...

6.5CVSS6.1AI score0.00208EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 5:30 p.m.9 views

GHSA-794R-5RP2-FPG8 flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf

Summary flyto-core's SSRF protection validateurlssrf / isprivateip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATEIPRANGES list. That list contains only the native RFC 1918 / loopback / link-loc...

7.1CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 a.m.7 views

CVE-2026-48206

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

6.1AI score0.00349EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56088

Name of the Vulnerable Software and Affected Versions flyto-core affected versions not specified Description An issue exists in the Server-Side Request Forgery SSRF protection mechanism within src/core/utils.py. The is private ip function and validate url ssrf guard only check for native RFC 1918...

7.1CVSS6.1AI score
Exploits0References7
Snyk
Snyk
added 2026/07/04 11:13 a.m.6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:13 a.m.5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:13 a.m.5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 10:16 a.m.8 views

CVE-2026-14623

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3CVSS0.00522EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/04 9:45 a.m.39 views

CVE-2026-14623 omec-project amf NGAP Message RRCInactiveTransitionReport denial of service

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3CVSS0.00522EPSS
Exploits0References8
CVE
CVE
added 2026/07/04 9:45 a.m.18 views

CVE-2026-14623

CVE-2026-14623 affects omec-project amf up to 2.1.1. The vulnerability lies in the NGAP Message Handler function RRCInactiveTransitionReport, where manipulation can cause a remote denial of service. Exploit code maturity is shown as PROOF-OF-CONCEPT, and a public exploit has been disclosed. A pat...

5.3CVSS5.5AI score0.00522EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/04 9:45 a.m.7 views

CVE-2026-14623

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3CVSS5.5AI score0.00522EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/07/04 9:45 a.m.4 views

CVE-2026-14623 omec-project amf NGAP Message RRCInactiveTransitionReport denial of service

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3CVSS5.4AI score0.00522EPSS
Exploits0References10
Rows per page
Query Builder