Lucene search
+L

1790 matches found

cve
cve
added yesterday6 views

CVE-2026-55399

CVE-2026-55399 affects the Secure Access publisher prior to version 14.55. It is a resource-exhaustion vulnerability where attackers with valid credentials to the Secure Access tunnel can trigger a non-persistent DoS against the publisher. CVSS v4.0 base score is 5.1 (Medium), with network attack...

5.1CVSS6.1AI score
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-45075

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the...

8.3CVSS0.00511EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago28 views

CVE-2026-13699 Databroker 0.6.1 PublishValue missing data_point panic

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...

4.3CVSS0.00237EPSS
Exploits0References1
attackerkb
attackerkb
added 2 days ago6 views

CVE-2026-13699

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2 days ago5 views

EUVD-2026-43634

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References1
cve
cve
added 2 days ago12 views

CVE-2026-13699

CVE-2026-13699 affects Eclipse KUKSA Databroker 0.6.1. The gRPC handler kuksa.val.v2.VAL/PublishValue fails to validate the optional data_point in PublishValueRequest; if signal_id is valid but data_point is omitted, the code dereferences request.data_point (unwrap) and panics in the Tokio worker...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-57985

Name of the Vulnerable Software and Affected Versions Eclipse KUKSA Databroker version 0.6.1 Description The kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional data point field in PublishValueRequest. If a request includes a valid signal id but omits data...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References3
nvd
nvd
added 4 days ago8 views

CVE-2026-56308

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS0.00244EPSS
Exploits0References2
nvd
nvd
added 5 days ago6 views

CVE-2026-56240

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS0.00182EPSS
Exploits0References2
euvd
euvd
added 5 days ago7 views

EUVD-2026-43169

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS6.1AI score0.00182EPSS
Exploits0References2
osv
osv
added 5 days ago3 views

CVE-2026-56240 Capgo - Billing Authorization Bypass via Exhausted Usage Credits

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS6.1AI score0.00182EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 8:16 p.m.5 views

CVE-2026-59822

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key...

8.8CVSS0.00243EPSS
Exploits0References4
debiancve
debiancve
added 2026/07/08 3:23 p.m.5 views

CVE-2026-59874

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...

8.7CVSS5.9AI score0.00358EPSS
Exploits1
vulnrichment
vulnrichment
added 2026/07/07 8:59 p.m.4 views

CVE-2026-49229 Actual: Disabled OpenID users keep access through existing session tokens

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS6AI score0.00441EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/07 5:37 p.m.6 views

CVE-2026-55435

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret...

5.4CVSS6AI score0.00315EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2026/07/06 7:23 p.m.37 views

CVE-2026-14536

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

0.00231EPSS
Exploits0References1
cve
cve
added 2026/07/06 7:23 p.m.15 views

CVE-2026-14536

CVE-2026-14536 affects Devolutions Server 2026.2.9.0. The issue is improper enforcement of a mandatory multi-factor authentication policy, allowing an attacker with valid credentials to bypass MFA and authenticate without completing MFA due to an invalid default MFA value. The available sources d...

8.8CVSS6AI score0.00231EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.5 views

PT-2026-55970

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.9.0 Description Improper enforcement of a mandatory multi-factor authentication policy allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References7
osv
osv
added 2026/07/02 8:30 p.m.3 views

GHSA-J8PH-6FXJ-G533 Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch

Summary DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite the Java Eureka specification defining a third valid value: "Netflix". The exception propagates through the entire registry deserialization chain and is swallowed by the periodic...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References5
cve
cve
added 2026/07/01 11:59 a.m.23 views

CVE-2026-53908

CVE-2026-53908 affects MCO. The vulnerability enables user enumeration via authentication-related functions: username reminder and password reset responses differ for valid vs invalid users, allowing an attacker to discover valid usernames and email addresses. Vulnerable context: confirmed in ver...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder