Lucene search
K

162562 matches found

Vulnrichment
Vulnrichment
added 2026/06/03 3:6 p.m.11 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6AI score0.00134EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 3:6 p.m.14 views

EUVD-2026-34104

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6.6AI score0.00134EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:6 p.m.5 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6.6AI score0.00134EPSS
Exploits1References2
CVE
CVE
added 2026/06/03 3:6 p.m.24 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

8.8CVSS6.6AI score0.00134EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/03 3:6 p.m.43 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS0.00134EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/03 2:28 p.m.8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
NVD
NVD
added 2026/06/03 2:16 p.m.14 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 2:16 p.m.5 views

DEBIAN-CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.5AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 2:16 p.m.13 views

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

6.5CVSS0.0028EPSS
Exploits1References4
OSV
OSV
added 2026/06/03 2:16 p.m.6 views

UBUNTU-CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.2AI score0.00335EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/03 2:14 p.m.78 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

No d...

10CVSS7AI score0.99999EPSS
Exploits347
Snyk
Snyk
added 2026/06/03 1:41 p.m.12 views

CRLF Injection

Overview laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to CRLF Injection in the validateEmail function, and Address.php, which are used by the default email rule. An attacker can modify outbound email contents by injecting malicious string...

6.9CVSS5.5AI score0.00048EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 1:30 p.m.8 views

HSEC-2026-0008 crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints

crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...

9.1CVSS5.9AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/06/03 1:16 p.m.14 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS0.00494EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.14 views

CVE-2026-35079

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.18 views

CVE-2026-35080

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.20 views

CVE-2026-35081

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.23 views

CVE-2026-35076

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.16 views

CVE-2026-35078

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 12:19 p.m.9 views

CVE-2026-42789

A flaw was found in Erlang OTP's publickey module. This vulnerability CWE-295, related to improper certificate validation, allows a non-Certificate Authority CA certificate to be accepted as an intermediate issuer. A remote attacker, holding an end-entity certificate issued by a trusted CA, can...

8CVSS5.8AI score0.00322EPSS
Exploits0References9
Rows per page
Query Builder