Lucene search
K

161917 matches found

CVE
CVE
added yesterday34 views

CVE-2026-47737

CVE-2026-47737 affects the Puma Ruby/Rack web server. From 5.5.0 up to 7.2.1 and 8.0.2, it is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used. Puma re-parses PROXY protocol headers after each keep-alive on the same connec...

7.5CVSS6.1AI score0.00015EPSS
Exploits0References7
CVE
CVE
added yesterday140 views

CVE-2026-48069

@grpc/grpc-js (pure JavaScript implementation) is affected by a crash when processing an invalid incoming compressed message. Affected versions: prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Remediation: upgrade to the ...

7.5CVSS6.1AI score0.00052EPSS
Exploits0References13
CVE
CVE
added yesterday40 views

CVE-2026-47428

Vitest browser mode is affected by an XSS in which the otelCarrier query parameter is inserted directly into an inline script. Affected versions are 4.0.17 through 4.1.6 and 5.0.0-beta.3; this can allow an attacker to craft a browser-runner URL to execute arbitrary JavaScript in the Vitest server...

9.6CVSS6.3AI score0.0005EPSS
Exploits0References7
CVE
CVE
added yesterday36 views

CVE-2026-48038

Joi (JavaScript) vulnerability CVE-2026-48038: In versions prior to 17.13.4 and 18.2.1, validation of deeply nested user input via recursive link() schemas can trigger an unhandled RangeError when validate() runs without try/catch, potentially crashing the process. Fixed in 17.13.4 and 18.2.1. CV...

5.3CVSS6.1AI score0.00039EPSS
Exploits0References4
CVE
CVE
added yesterday18 views

CVE-2026-48489

CVE-2026-48489 (Symfony) : A logic flaw in the DefaultAuthenticationFailureHandler with failure_forward enabled allowed an unauthenticated login failure to dispatch a subrequest to access_control-protected GET routes, bypassing firewall listeners. This affected Symfony versions prior to 5.4.53, 6...

8.7CVSS6.1AI score0.00058EPSS
Exploits0References5
CVE
CVE
added yesterday21 views

CVE-2026-48760

Symfony HtmlSanitizer/UrlSanitizer::parse() had an underinclusive denial for BiDi formatting characters and Unicode whitespace, allowing percent-encoded BiDi marks to bypass the check. The issue affects UrlSanitizer::parse() behavior from Symfony 6.1.0 up to 6.4.41, 7.4.13, and 8.0.13, where raw ...

5.3CVSS6.1AI score0.00025EPSS
Exploits0References5
CVE
CVE
added yesterday25 views

CVE-2026-45305

Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...

8.7CVSS6.1AI score0.00076EPSS
Exploits0References6
CVE
CVE
added yesterday50 views

CVE-2026-45073

Symfony uses a PdoAdapter::doClear() that builds a DELETE with a namespace-derived prefix not bound or escaped, allowing an attacker-controlled prefix to escape the LIKE literal and alter deletion scope. A fix is included in Symfony versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. Affected component:...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
EUVD
EUVD
added yesterday11 views

EUVD-2026-36132

Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges...

8.6CVSS6.1AI score0.00269EPSS
Exploits1References2
Microsoft Security Update
Microsoft Security Update
added yesterday2 views

2026-07 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5102204)

2026-07 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 KB5102204...

6.1AI score
Exploits0
OSV
OSV
added yesterday5 views

BIT-PROMETHEUS-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References18
OSV
OSV
added yesterday7 views

ROOT-APP-PYPI-CVE-2026-22701 CVE-2026-22701 in rootio-filelock - Patched by Root

Root has patched CVE-2026-22701 in the rootio-filelock package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.4AI score0.00115EPSS
Exploits0
OSV
OSV
added yesterday7 views

ROOT-APP-PYPI-CVE-2025-68146 CVE-2025-68146 in rootio-filelock - Patched by Root

Root has patched CVE-2025-68146 in the rootio-filelock package for Root:PyPI. Multiple fixed versions available...

6.3CVSS5.4AI score0.00184EPSS
Exploits1
CVE
CVE
added yesterday15 views

CVE-2026-59840

Fortinet FortiOS (7.6.0–7.6.2, 7.4.0–7.4.8, 7.2 all) and FortiProxy (7.6.0–7.6.5, 7.4.0–7.4.13, 7.2 all) are affected by a buffer over-read that may lead to information disclosure. Root cause described as a buffer over-read affecting multiple Fortinet products; the exact attack vector is not spec...

4.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday17 views

CVE-2026-59839

CVE-2026-59839 describes a path traversal vulnerability: improper limitation of a pathname to a restricted directory in Fortinet products, affecting FortiOS (versions 7.6.0–7.6.6, 7.4.0–7.4.9, 7.2.x, 7.0.x, 6.4.x), FortiPAM (1.8.0 down to 1.0, all 1.x releases), and FortiProxy (7.6.0–7.6.5, 7.4–7...

5.5CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-59836

CVE-2026-59836 describes an improper certificate validation in Fortinet FortiClientEMS affecting FortiClientEMS 7.4.3–7.4.5, 7.4.0–7.4.1, and all 7.2 versions. The underlying issue is certificate validation failure, leading to information disclosure. The documents do not provide a concrete exploi...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday16 views

CVE-2025-53379

Fortinet FortiAuthenticator is affected by CVE-2025-53379, an out-of-bounds read vulnerability in FortiAuthenticator 6.6.0–6.6.2 and all 6.5 versions. A remote unauthenticated attacker could potentially retrieve sensitive information via a specially crafted request. The CVSSv3.1 vector is NETWORK...

7.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-55954

CVE-2026-55954 affects ueberauth_apple (v0.1.0 up to but not including v0.6.2). The root cause is lack of validation for registered ID token claims (iss, aud, exp, iat) in Ueberauth.Strategy.Apple.Token.payload/2; the code uses the unvalidated sub to derive the user uid and email. An attacker who...

9.1CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday15 views

CVE-2026-15265

Tenable Agent 11.2.0 and 11.1.3 and lower are affected by a path traversal vulnerability that lets a privileged attacker write arbitrary files outside the intended plugin directory, potentially enabling remote code execution. The CVSS metrics indicate a network-accessible issue with high impact o...

9.4CVSS6.3AI score
Exploits0References1
Rows per page
Query Builder