Lucene search
K

4 matches found

Nuclei
Nuclei
added 13 hours ago20 views

Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass

Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References4
CVE
CVE
added 2026/05/13 4:54 p.m.58 views

CVE-2026-44575

Summary: CVE-2026-44575 affects Next.js App Router: middleware/proxy authorization checks can be bypassed via transport-specific route variants used for segment prefetching. Specifically, in versions 15.2.0–before 15.5.16 and 16.2.5, specially crafted .rsc and segment-prefetch URLs can resolve to...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/28 10:54 p.m.12 views

GHSA-VP29-5652-4FW9 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

8.2CVSS5.9AI score0.0051EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/06/05 11:46 a.m.7 views

curl: HSTS bypass via IDN

A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...

7.5CVSS6.7AI score0.1654EPSS
Exploits1References5
Rows per page
Query Builder