Lucene search
K

9163 matches found

Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56080

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The AI Bridge Proxy aibridgeproxyd creates a goproxy server that, by default, sets InsecureSkipVerify: true. In...

7.4CVSS5.9AI score0.00258EPSS
Exploits0References8
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41678

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MYController.php of the component Trusted Backend Interface. The manipulation of the argument hr...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References7
CVE
CVE
added 6 days ago18 views

CVE-2026-14632

The CVE covers a vulnerability in kirilkirkov Ecommerce-CodeIgniter-Bootstrap (up to commit 95dfa8ce…). The vulnerable component is function setReferrer in application/core/MY_Controller.php (Trusted Backend Interface). The issue arises from manipulating the href argument, causing an open redirec...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-14632 kirilkirkov Ecommerce-CodeIgniter-Bootstrap Trusted Backend MY_Controller.php setReferrer redirect

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MYController.php of the component Trusted Backend Interface. The manipulation of the argument hr...

5.3CVSS0.00273EPSS
Exploits0References7
Snyk
Snyk
added last week4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
added last week4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
added last week5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
added last week4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
NVD
NVD
added last week9 views

CVE-2026-20896

Gitea Docker image versions up to and including 1.26.2 use REVERSEPROXYTRUSTEDPROXIES= by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled...

9.8CVSS0.00783EPSS
Exploits4References4
CVE
CVE
added last week148 views

CVE-2026-20896

CVE-2026-20896 affects Gitea Docker images up to and including 1.26.2. The root cause is the default setting REVERSE_PROXY_TRUSTED_PROXIES=*, which can let an attacker impersonate a user when reverse-proxy authentication headers (e.g., X-WEBAUTH-USER) are enabled. Several sources document this, i...

9.8CVSS7.1AI score0.00783EPSS
Exploits4References4
NVD
NVD
added last week11 views

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added last week35 views

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS0.00109EPSS
Exploits0References1
EUVD
EUVD
added last week9 views

EUVD-2026-41544

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS6AI score0.00109EPSS
Exploits0References1
CVE
CVE
added last week16 views

CVE-2026-46466

CVE-2026-46466 affects Dell PowerProtect Data Domain: 7.7.1.0–8.7; LTS2026: 8.6.1.0–8.6.1.10; LTS2025: 8.3.1.0–8.3.1.30; LTS2024: 7.13.1.0–7.13.1.70. The issue is a use of less trusted source vulnerability that could be exploited by a high-privileged attacker with remote access to cause informati...

2.7CVSS6AI score0.00109EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55541

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

2.7CVSS6AI score0.00109EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 5:18 p.m.5 views

GHSA-W5WW-7CHG-MXCQ OpenClaw: Telegram interactive callbacks could skip commands.allowFrom

Summary Telegram interactive callbacks could skip commands.allowFrom. In affected versions, a Telegram user able to invoke an affected callback could mark the callback as an authorized sender before applying commands.allowFrom. This advisory is scoped to the named feature and configuration. It do...

8.8CVSS6AI score0.00312EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:57 p.m.11 views

GHSA-V8CX-933X-R976 OpenClaw: Fake package roots could influence memory-core artifact loading

Summary Fake package roots could influence memory-core artifact loading. In affected versions, a local package root resolution path influenced by workspace state could select a package root that was not the intended bundled artifact root. This advisory is scoped to the named feature and...

7.8CVSS5.9AI score0.00114EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 4:43 p.m.6 views

GHSA-QJPC-QF9M-XWMR OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing

Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:23 p.m.4 views

GHSA-83W9-H5WV-J9XM OpenClaw: Node pairing reconnection could confuse approval scope state

Summary Node pairing reconnection could confuse approval scope state. In affected versions, a paired or reconnecting node session could mutate pairing state in a way that changed the approval scope decision. This advisory is scoped to the named feature and configuration. It does not change...

7.6CVSS6AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:18 p.m.3 views

GHSA-P2FH-F5FC-44HR OpenClaw: memory-wiki ingest could read local files with operator.write scope

Summary memory-wiki ingest could read local files with operator.write scope. In affected versions, a Gateway caller with operator.write access to the plugin tool could read arbitrary local file paths instead of staying within the intended ingest sources. This advisory is scoped to the named featu...

6.5CVSS6.1AI score0.00375EPSS
Exploits0References2
Rows per page
Query Builder