Lucene search
+L

3753 matches found

CVE
CVE
added yesterday12 views

CVE-2026-16158

Affected component: @fastify/reply-from. Versions 8.3.1 up to, but not including, 12.6.4 construct an internal URL cache key by concatenating destination and source paths without a delimiter, enabling cross-upstream data access when getUpstream selects an upstream from request data. This can caus...

8.7CVSS5.3AI score
Exploits0References2
Nuclei
Nuclei
added yesterday30 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS3.8AI score0.22002EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday15 views

WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS

Calls to Action plugin before 2.5.1 for WordPress contains stored XSS caused by unsanitized input in open-tab parameter in wp-admin/edit.php and wp-cta-variation-id parameter in ab-testing-call-to-action-example/, letting remote attackers inject arbitrary web script or HTML, exploit requires...

6.1CVSS6.2AI score0.02645EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60935

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-45154

Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver,...

5.7CVSS5.4AI score0.00295EPSS
Exploits0References4
CVE
CVE
added 3 days ago12 views

CVE-2026-15737

CVE-2026-15737 affects the AWS Bedrock AgentCore Python SDK. Unintended logging of sensitive user content occurs in the OpenTelemetry instrumentation for SDK versions 1.4.8 and 1.5.0, where raw user prompts and complete agent responses were written into OpenTelemetry span attributes on every invo...

5.7CVSS6.1AI score0.00216EPSS
Exploits0References3
OSV
OSV
added 4 days ago5 views

JLSEC-2026-772 A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the...

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.5CVSS5.5AI score0.00258EPSS
Exploits1References11
Snyk
Snyk
added 4 days ago2 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.4AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 5 days ago3 views

CVE-2026-15702

A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to...

6.5CVSS0.00337EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-48815

A flaw was found in sigstore. The certificateOIDs option, intended to restrict which certificates can sign artifacts, is accepted by the public application programming interface API but is not used during the verification process. This allows unauthorized certificates to be accepted, bypassing...

7.5CVSS6AI score0.0019EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 5 days ago9 views

CVE-2026-48758

A flaw was found in the @sigstore/core component. The preAuthEncoding function incorrectly uses Node.js 'ascii' encoding when converting Pre-Authentication Encoding PAE strings to bytes. This encoding truncates Unicode characters to their low byte, allowing an attacker to substitute characters in...

5.4CVSS6AI score0.00264EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-49488 Apache OpenMeetings: Arbitrary File Read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OpenMeetings. This issue affects Apache OpenMeetings: from 5.0.0 before 9.1.0. An attacker with moderator rights in any room can read arbitrary files accessible to the OS account running the OM...

0.00733EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-58319 Apache Doris: Improper Authentication in Frontend HTTP API

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

0.00614EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-60107

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.57.4 Description In multi-tenant HTTP mode, an authenticated tenant can access local default-scope workflow versions backups instead of being restricted to their own tenant scope. This issue allows an authenticated...

4.2CVSS6.1AI score0.00281EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago8 views

Security Bulletin: Vulnerability in follow-redirects bundled with IBM Fusion and IBM Fusion HCI

Summary IBM Fusion and IBM Fusion HCI include the follow-redirects library, which is affected by an information exposure vulnerability. CVE-2026-40895 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules...

7.5CVSS7AI score0.00486EPSS
Exploits0Affected Software2
CVE
CVE
added 6 days ago13 views

CVE-2026-15525

CVE-2026-15525 affects the kLOsk adloop package up to version 0.9.0. The vulnerability is in the function _validate_urls in src/adloop/ads/write.py, where manipulating the argument final_url can trigger a server-side request forgery (SSRF). The issue can be exploited remotely and the exploit is p...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References8
OSV
OSV
added 6 days ago4 views

CVE-2026-15522 tugcantopaloglu godot-mcp run_project index.js validatePath path traversal

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-57679

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS6.1AI score0.00592EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-60047

Impact read character string and read string in src/zeroconf/ protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self. data len. Python's slice silently returns fewer bytes when the end index runs pas...

6.5CVSS6.1AI score0.00318EPSS
Exploits0References8
Rows per page
Query Builder