Lucene search
+L

109236 matches found

OSV
OSV
added 3 days ago4 views

CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.4CVSS6.2AI score0.00244EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.7AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 3 days ago4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 3 days ago6 views

Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) security update

An update for golang-github-openstack-k8s-operators-os-diff is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

8.8CVSS6.8AI score0.01945EPSS
Exploits2References11
NVD
NVD
added 3 days ago9 views

CVE-2026-15583

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud...

8.6CVSS0.00312EPSS
Exploits1References1
CVE
CVE
added 3 days ago22 views

CVE-2026-15583

Grafana MCP Server is affected by CVE-2026-15583, a confusion-deputy vulnerability that allows an unauthenticated remote attacker to exfiltrate the server’s Grafana service-account token and perform SSRF via a crafted X-Grafana-URL header. The flaw enables targeting internal services, including c...

8.6CVSS6.2AI score0.00312EPSS
Exploits1References1
Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-15583 SSRF (confused deputy) in Grafana MCP Server via X-Grafana-URL header

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud...

8.6CVSS0.00312EPSS
Exploits1References1
Circl
Circl
added 3 days ago8 views

CVE-2026-35152

creationtimestamp| type| source ---|---|--- 2026-07-15 06:55:57+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mqo5cffab52h 2026-07-15 13:12:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqoseeru4y2c 2026-07-16 10:37:06+00:00| seen|...

8.8CVSS6.1AI score0.03492EPSS
Exploits0References3
Circl
Circl
added 3 days ago8 views

CVE-2026-8920

creationtimestamp| type| source ---|---|--- 2026-07-15 04:19:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnukuc5ul22 2026-07-15 16:45:06+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-asus-1...

8.5CVSS6.1AI score0.0009EPSS
Exploits0References2
Circl
Circl
added 3 days ago7 views

CVE-2026-15029

creationtimestamp| type| source ---|---|--- 2026-07-15 04:09:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqntywrdti2u 2026-07-15 16:45:15+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-asus-1...

8.4CVSS6.1AI score0.00118EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44515

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS6.3AI score0.00227EPSS
Exploits0References7
Circl
Circl
added 3 days ago7 views

CVE-2026-15752

creationtimestamp| type| source ---|---|--- 2026-07-15 00:09:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqngmfzazt24...

7.5CVSS7AI score0.00297EPSS
Exploits0References1
Circl
Circl
added 3 days ago7 views

CVE-2026-5270

creationtimestamp| type| source ---|---|--- 2026-07-15 00:04:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqngczzwyz2x 2026-07-15 13:38:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqotriltvq2p...

9.8CVSS6.1AI score0.00452EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

RHEL 9 : Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) (RHSA-2026:39810)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:39810 advisory. Security Fixes: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 golang: Denial of Service due to excessive...

8.8CVSS6.9AI score0.01945EPSS
Exploits2References22
Circl
Circl
added 4 days ago6 views

CVE-2026-36035

creationtimestamp| type| source ---|---|--- 2026-07-14 23:54:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnfqvwm4q27...

6.5CVSS6.1AI score0.00293EPSS
Exploits0References1
Circl
Circl
added 4 days ago5 views

CVE-2026-48337

creationtimestamp| type| source ---|---|--- 2026-07-14 23:01:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqncs7pxyz2c...

7.8CVSS6.1AI score0.00138EPSS
Exploits0References1
Circl
Circl
added 4 days ago5 views

CVE-2026-15774

creationtimestamp| type| source ---|---|--- 2026-07-14 22:59:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqncoq3d3f2g 2026-07-15 23:42:46+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116926641968349809 2026-07-16 04:45:29+00:00| seen|...

8.3CVSS4.8AI score0.00221EPSS
Exploits0References4
NVD
NVD
added 4 days ago6 views

CVE-2026-48287

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...

7.4CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-15750

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS0.00227EPSS
Exploits0References6
Circl
Circl
added 4 days ago4 views

CVE-2026-54052

creationtimestamp| type| source ---|---|--- 2026-07-14 22:08:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqn7siy2dj2q 2026-07-15 22:00:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqppubmqtj2w 2026-07-16 00:34:33+00:00| seen|...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References5
Rows per page
Query Builder