Lucene search
K

197 matches found

CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.10 views

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00188EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.10 views

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
OSV
OSV
added 2026/05/27 7:58 p.m.7 views

GHSA-RW47-HM26-6WR7 CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests

Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...

7.2CVSS5.9AI score0.00038EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 9:16 p.m.18 views

CVE-2026-44429

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...

5.4CVSS0.00167EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 9:5 p.m.35 views

CVE-2026-44429 MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...

5.1CVSS0.00167EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 9:2 p.m.14 views

CVE-2026-44430

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/25 5:16 p.m.8 views

CVE-2026-25351

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through 1.7.7...

7.1CVSS0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-27912

Name of the Vulnerable Software and Affected Versions MyMedi versions prior to 1.7.7 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to inject malicious...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 9:31 p.m.3 views

EUVD-2026-11935

Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through = 1.7.7...

5.8AI score0.00253EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.27 views

CVE-2026-32415 WordPress Squeeze plugin <= 1.7.7 - Directory Traversal vulnerability

Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through = 1.7.7...

5CVSS0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.4 views

CVE-2026-32415

Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through = 1.7.7...

5.8AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.6 views

WordPress plugin Squeeze 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5CVSS5.8AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.2 views

PT-2026-25261

CVE-2026-32415 Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through = 1.7.7. https://t.co/9xPZ6ZNdS9...

5.8AI score0.00253EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.2 views

CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3

CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3. A patched version of the package is available...

5.3CVSS5.8AI score0.00502EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.5 views

CVE-2026-3814

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to t...

9CVSS6AI score0.00772EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/09 12:31 p.m.5 views

EUVD-2026-10323

A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be us...

9CVSS7.6AI score0.00787EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/09 12:31 p.m.5 views

EUVD-2026-10322

A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be us...

9CVSS7.6AI score0.00787EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/09 10:32 a.m.39 views

CVE-2026-3815 UTT HiPER 810G formApMail strcpy buffer overflow

A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be us...

9CVSS0.00787EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/09 10:2 a.m.3 views

CVE-2026-3814 UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to t...

9CVSS6AI score0.00772EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/09 10:2 a.m.39 views

CVE-2026-3814 UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to t...

9CVSS0.00772EPSS
Exploits1References4
Rows per page
Query Builder