Lucene search
K

118 matches found

AlpineLinux
AlpineLinux
added 2026/06/23 5:55 p.m.5 views

CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

5.4CVSS5.9AI score0.00144EPSS
Exploits1
CVE
CVE
added 2026/06/23 5:52 p.m.8 views

CVE-2026-52845

Summary (CVE-2026-52845): Caddy 2.11.x contains a bypass in forward_auth copy_headers where, prior to 2.11.4, the exact client-supplied header was deleted but HTTP header names are later normalized to CGI variables, allowing an underscore alias to collide with a trusted header in FastCGI backends...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/06/23 5:47 p.m.5 views

CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2CVSS5.8AI score0.00153EPSS
Exploits1
NVD
NVD
added 2026/06/15 9:16 p.m.5 views

CVE-2026-40762

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

7.5CVSS0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.8 views

CVE-2026-42753

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...

7.3CVSS5.8AI score0.00178EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 12:0 a.m.5 views

OPENSUSE-SU-2026:10865-1 beets-2.11.0-1.1 on GA media

These are all security issues fixed in the beets-2.11.0-1.1 package on the GA media of openSUSE Tumbleweed...

6CVSS5.8AI score0.003EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/09 9:32 p.m.21 views

EUVD-2026-28941

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

5.3CVSS5.3AI score0.00851EPSS
Exploits0References5
CVE
CVE
added 2026/05/09 7:16 p.m.19 views

CVE-2026-42333

CVE-2026-42333 affects Quarkus OpenAPI Generator. The issue: the generated authentication filter can match OpenAPI path templates too broadly, causing a security scheme for one operation to be applied to a different, similarly-named operation. This can cause bearer tokens, API keys, or basic cred...

6.3CVSS5.7AI score0.004EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.7 views

CVE-2026-39659

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through = 2.11.3...

5.9AI score0.00037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.8 views

PT-2026-28639

Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions through 2.11.2 Description The Ultimate Member plugin for WordPress is susceptible to Sensitive Information Exposure. The issue stems from the 'usermeta:password reset link' template tag being...

8CVSS5.9AI score0.00229EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and...

7.5CVSS6.4AI score0.00582EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/25 8:10 p.m.22 views

CVE-2026-33222 NATS JetStream has an authorization bypass through its Management API

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them...

4.9CVSS0.00306EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 7:50 p.m.13 views

CVE-2026-33246

CVE-2026-33246 affects the NATS-Server (NATS.io). The issue is that the Nats-Request-Info: header used for identity could be spoofed when a leafnode connects to a nats-server, potentially enabling identity claims to be misrepresented. The root cause is header spoofing in leafnode connections; the...

6.4CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 7:50 p.m.1 views

CVE-2026-33246 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.9AI score0.00143EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 7:50 p.m.1 views

CVE-2026-33246

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.8AI score0.00143EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/25 7:43 p.m.4 views

CVE-2026-33217

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...

8.1CVSS5.8AI score0.00259EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/03/25 7:36 p.m.3 views

CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS5.8AI score0.00582EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

Nats-Server 信任管理问题漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. Versions of Nats-Server prior to 2.11.15 and 2.12.6 contained a trust management vulnerability. This vulnerability stemmed from incorrect enforcement of certain RDN...

4.2CVSS6.4AI score0.00143EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions of Nats-Server before 2.11.15 and 2.12.6. These vulnerabilities stemmed from the incorrect classification of MQTT...

8.6CVSS6.4AI score0.00365EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/24 9:44 p.m.6 views

NATS allows MQTT clients to bypass ACL checks

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an MQTT client interface. Problem Description When using ACLs on message subjects, these ACLs were not applied in t...

8.1CVSS5.8AI score0.00259EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder