Lucene search
K

4517 matches found

Patchstack
Patchstack
added 2026/06/16 1:47 p.m.12 views

NPM: Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

NPM: Nuxt: URL-handling weaknesses in navigateTo and reloadNuxtApp: SSR open redirect, client-side script execution via the open option, and protocol-relative bypass in reloadNuxtApp vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...

6.1CVSS6AI score0.00205EPSS
Exploits0References10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:15 p.m.11 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary spring-boot-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40973, CVE-2026-40975, CVE-2026-40977. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the directory used by...

8.2CVSS5.5AI score0.00312EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.16 views

SUSE CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

3.1CVSS5.5AI score0.00196EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 6:3 p.m.38 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS0.0033EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.16 views

CVE-2026-50087

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS0.00192EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/11 5:46 p.m.19 views

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and...

5.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/11 1:40 p.m.9 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.7AI score0.00728EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/11 5:3 a.m.10 views

CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS5.3AI score0.00229EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/10 1:39 p.m.13 views

Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery

Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation Affected Component - github.com/dhax/go-base — Go REST API boilerplate go-chi/jwtauth/v5, Viper, PostgreSQL/Bun - 1,685 stars on GitHub Vulnerability Locations | File | Line | Role | |------|------|------| | dev.env | 10 |...

5.7AI score0.00055EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the PUT /smon/check endpoint, which only verifies that the caller belongs to a certain group...

9.1CVSS5.3AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 11:47 p.m.101 views

CVE-2026-41696

Spring Data MongoDB CVE-2026-41696 affects multiple versions (5.0.0–5.0.5; 4.5.0–4.5.11; 4.4.0–4.4.14; 4.3.0–4.3.16; 4.2.0–4.2.15; 4.1.0–4.1.14; 4.0.0–4.0.15; 3.4.0–3.4.19). The issue is insufficient validation of bound parameters in repository query methods annotated with @Query that use regex b...

5.9CVSS5.5AI score0.00262EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.13 views

CVE-2026-48488

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...

6.9CVSS5.3AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 6:4 p.m.62 views

CVE-2026-40639

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability (CVE-2026-40639). Affected software: Dell Client Platform BIOS. Root cause: weak encoding for password storage/verification. Impact: unauthenticated attacker with physical access could achieve Elevation of Privileges, w...

5.7CVSS5.4AI score0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.11 views

EUVD-2026-35562

No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network...

9.1CVSS5.4AI score0.00366EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.12 views

node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

A flaw was found in Forge also called node-forge, a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do n...

7.5CVSS5.4AI score0.00339EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/09 3:49 a.m.11 views

CVE-2026-41838

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

7.5CVSS5.4AI score0.00171EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

WordPress plugin WP Emoticon Rating 跨站请求伪造漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WP Emoticon Rating plugin has a cross-site reques...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47823

Name of the Vulnerable Software and Affected Versions NETGEAR JR6150 affected versions not specified Description Insufficient input validation allows users connected to local WiFi networks to execute operating system commands. This issue was identified through firmware emulation in a controlled...

8CVSS5.8AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47538

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS5.5AI score0.00109EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

7.5CVSS5.4AI score0.0032EPSS
Exploits0References1
Rows per page
Query Builder