Lucene search
+L

31 matches found

EUVD
EUVD
added 2026/07/07 9:18 a.m.9 views

EUVD-2026-42028

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 1:18 p.m.3 views

CVE-2026-49871 Apache APISIX: cas-auth login CSRF / session injection issue

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

2.1CVSS7.2AI score0.00261EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:17 p.m.8 views

CVE-2026-47341

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

6.3CVSS5.8AI score0.0043EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 1:10 p.m.12 views

EUVD-2026-38015

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 2:39 p.m.10 views

Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)

Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...

6.5CVSS5.7AI score0.00149EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:45 p.m.10 views

CVE-2026-10291

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2026/05/26 8:15 p.m.16 views

EUVD-2026-31986

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References7
OSV
OSV
added 2026/05/07 6:30 p.m.7 views

CVE-2026-8084 OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

4.8CVSS5.4AI score0.00264EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2026/04/30 10:0 p.m.2 views

CVE-2026-7505

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...

7.5CVSS5AI score0.00381EPSS
Exploits0References8Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/04/14 8:6 a.m.5 views

CVE-2026-31908

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/14 8:6 a.m.29 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

0.00521EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/14 8:6 a.m.3 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32601

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

9.1CVSS5.8AI score0.00521EPSS
Exploits1References5
CVE
CVE
added 2026/03/23 11:38 p.m.19 views

CVE-2026-33250

CVE-2026-33250 affects Freeciv21. Versions prior to 3.1.1 crash with a stack overflow when processing specially-crafted packets, enabling remote servers to crash public servers and potentially crash players’ games locally. Mitigation across advisories shows upgrading to newer releases: Freeciv21 ...

7.5CVSS5.9AI score0.00821EPSS
Exploits0References4
Snyk
Snyk
added 2026/01/26 6:57 p.m.6 views

Improper Control of Dynamically-Managed Code Resources

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the unsafe usage of the .call with globalPromise.prototype.then callback function. An...

10CVSS6.2AI score0.01222EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/26 9:44 a.m.3 views

CVE-2025-27821 HDFS native client: Out of bounds write in URI parser of native HDFS client

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.8AI score0.00862EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/12/23 4:4 a.m.4 views

SUSE CVE-2025-14607

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/17 8:38 p.m.3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

6CVSS6.7AI score0.00097EPSS
Exploits0References2
CVE
CVE
added 2025/12/13 1:2 p.m.34 views

CVE-2025-14607

OFFIS DCMTK vulnerability CVE-2025-14607 affects DCMTK up to 3.6.9, specifically the DcmByteString::makeDicomByteString function in dcmdata. This memory corruption can be triggered remotely via crafted DICOM datasets. Affected versions are DCMTK 3.6.x up to 3.6.9; remediation is to upgrade to DCM...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/21 3:2 p.m.15 views

CVE-2022-4981 DCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now publ...

4.8CVSS0.00252EPSS
Exploits1References5
Rows per page
Query Builder