Lucene search
K

267 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-43647

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/secret.txt Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker only...

5.3CVSS6.1AI score0.00191EPSS
Exploits1References1
CVE
CVE
added yesterday9 views

CVE-2026-8384

CVE-2026-8384 describes a URI normalization issue in the context of Eclipse Jetty: a crafted HTTP URI like "/public;/../admin/secret.txt" yields an unresolved path "/public/../admin/secret.txt" instead of the expected "/admin/secret.txt". Jetty itself remains unaffected, since it won’t serve secr...

5.3CVSS6.1AI score0.00191EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS0.00437EPSS
Exploits0References3
OSV
OSV
added 6 days ago3 views

CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS6.1AI score0.00437EPSS
Exploits0References5
CVE
CVE
added 6 days ago23 views

CVE-2026-33655

The CVE-2026-33655 issue affects New API prior to version 0.12.0-alpha.1 where SSRF protection did not apply IP filtering to hostnames by default due to ApplyIPFilterForDomain being disabled. Authenticated users could configure notification URLs (Webhook, Bark, Gotify) that resolve to internal or...

7.7CVSS5.9AI score0.00437EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/07 1:1 p.m.9 views

New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

Summary The default SSRF protection configuration did not apply IP filtering to hostnames. With ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure...

7.7CVSS6AI score0.00437EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/03 1:32 p.m.4 views

MINI-6GFP-2FVM-4XVV

Bulletin has no description...

7.5CVSS6.4AI score0.00415EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/24 7:27 a.m.7 views

CVE-2026-54762

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When an Ingress is configured to use BasicAuth or DigestAuth, but the associated authentication secret cannot be resolved or is malformed, Traefik fails to apply the authentication middleware. This allows unauthenticated access...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/23 8:51 p.m.10 views

EUVD-2026-38592

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46356

Unauthenticated Local File Inclusion in Putter = 1.17 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.16 views

PT-2026-45075

Name of the Vulnerable Software and Affected Versions sambitraj STUDENT-MANAGEMENT-SYSTEM version 1.0 Description A remote SQL injection exists within the Login Page component. This occurs when the email argument is manipulated, allowing an attacker to interfere with the database queries...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45071 Note that Nessus relies on the presence of the package as reported by the vendor...

8.7CVSS5.8AI score0.00052EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: The registration of structops that uses the module ptr was rejected, and the module btfid is missing. There is a UAF report in bpfstructops when CONFIGMODULES=n. Specifically, the report relates to tcpcongestionops, which ha...

7.8CVSS6.4AI score0.00193EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Issue: ofoverlay: Early call to callchangesetinit When ofoverlayfdtapply fails, the changeset may be partially applied. It is still expected that the caller will call ofoverlayremove to clean up this partial state. However,...

5.7AI score0.00199EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.10 views

CVE-2026-43373

In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsiaenhandler returns on invalid AEN packets without consuming the...

7.5CVSS5.8AI score0.00501EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/umem: Fix double dmabufunpin in failure path In ibumemdmabufgetpinnedwithdmadevice, the call to ibumemdmabufmappages can fail. If this occurs, the dmabuf i...

7.8CVSS7AI score0.00139EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.14 views

PT-2026-34612

Name of the Vulnerable Software and Affected Versions Nuclei versions 3.0.0 through 3.7.9 Description A flaw in the expression evaluation engine allows a malicious target server to inject and execute supported Domain Specific Language DSL expressions. This occurs when HTTP response data containin...

5.3CVSS5.8AI score0.00344EPSS
Exploits0References14
OSV
OSV
added 2026/04/18 12:55 a.m.2 views

GHSA-H39G-6X3C-7FQ9 Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment

Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...

3.8CVSS5.7AI score
Exploits0References4
EUVD
EUVD
added 2026/04/15 3:31 p.m.6 views

EUVD-2026-22839

Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved...

7.5CVSS5.8AI score0.00375EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/15 9:44 a.m.4 views

CVE-2026-40719

A flaw was found in MaraDNS. A remote attacker can exploit this vulnerability by providing a specially crafted DNS zone file where the authoritative nameserver address cannot be resolved. This can lead to the exhaustion of connection slots, resulting in a Denial of Service DoS for legitimate user...

7.5CVSS5.8AI score0.00375EPSS
Exploits0References2
Rows per page
Query Builder