Lucene search
K

740 matches found

NVD
NVD
added yesterday8 views

CVE-2026-15525

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS0.00214EPSS
Exploits0References8
Cvelist
Cvelist
added last week28 views

CVE-2026-55076 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS0.00479EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/03 11:41 p.m.4 views

Security Bulletin: IBM Cloud Pak System is vulnerable to HTML injection[CVE-2023-38007].

Summary IBM Cloud Pak System is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Vulnerability was addressed in IBM Cloud Pak System. Vulnerability...

5.4CVSS6.2AI score0.00212EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:30 p.m.9 views

Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...

6CVSS5.9AI score0.00169EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/30 11:16 a.m.6 views

UBUNTU-CVE-2026-52760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.7AI score0.00667EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection

Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/authutils.py::getrequestroute, which Starlette reconstructs...

9.5CVSS5.8AI score0.00559EPSS
Exploits1References6
OSV
OSV
added 2026/06/19 2:21 p.m.10 views

GHSA-P88M-4JFJ-68FV undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS6AI score0.00257EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49592

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description During cleanup, a compressed request body can be decompressed into memory in a single chunk. An attacker may send a compressed payload in specific situations that could be decompressed into memory,...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/04 3:15 p.m.10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.67 security and extras update

Red Hat OpenShift Container Platform release 4.13.67 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Low...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 6:36 a.m.7 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by remote code execution

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by remote code execution CVE-2026-9311, CVE-2026-9330 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

9CVSS6.4AI score0.00508EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 7:32 a.m.21 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-1561) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...

5.4CVSS7.3AI score0.00284EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/05/22 10:34 p.m.13 views

EUVD-2026-31520

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

5.3CVSS5.6AI score0.00401EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.14 views

CVE-2026-6472 affecting package postgresql for versions less than 16.14-1

CVE-2026-6472 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

5.4CVSS5.8AI score0.00159EPSS
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/05/11 12:0 a.m.9 views

Spring Office Hours Podcast: S5E15 - Upgrading Spring and OSS Security

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun tackle two challenges every Spring developer faces: keeping applications up to date and staying ahead of security vulnerabilities in open source dependencies. They explore how AI...

5.8AI score
Exploits0
CBLMariner
CBLMariner
added 2026/05/03 8:52 p.m.7 views

CVE-2026-31454 affecting package kernel for versions less than 6.6.134.1-2

CVE-2026-31454 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.00126EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/03 8:52 p.m.7 views

CVE-2026-31664 affecting package kernel for versions less than 6.6.137.1-1

CVE-2026-31664 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.13 views

PT-2026-36706

Name of the Vulnerable Software and Affected Versions toeverything AFFiNE versions prior to 0.26.4 Description An authorization bypass exists in the Public Markdown Preview Endpoint. A remote attacker can manipulate the allowDocPreview function within the '/workspace/:workspaceId/:docId' endpoint...

6.9CVSS6.1AI score0.00314EPSS
Exploits0References6
CVE
CVE
added 2026/04/30 11:17 p.m.16 views

CVE-2026-22726

The CVE-2026-22726 describes a Route Services firewall bypass in Cloud Foundry: a route-service could be abused by a user with Cloud Foundry access to forward app traffic to internal HTTP services reachable by the Gorouter, bypassing configured egress rules. Affected routing release versions are ...

5CVSS5.3AI score0.00199EPSS
Exploits0References1Affected Software2
Snyk
Snyk
added 2026/04/22 2:31 p.m.6 views

Incorrect Authorization

Overview @saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Incorrect Authorization through the role context evaluation process. An attacker can gain unauthorized administrative privileges on the root domain by...

8.7CVSS5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33214

Name of the Vulnerable Software and Affected Versions Thymeleaf versions prior to 3.1.4.RELEASE Description A security bypass exists in the expression execution mechanisms. The library fails to properly restrict the scope of accessible objects, which allows specific sensitive objects to be reache...

9CVSS6AI score0.00862EPSS
Exploits0References7
Rows per page
Query Builder