Lucene search
K

3393 matches found

Nuclei
Nuclei
added 10 hours ago57 views

Edito CMS - Sensitive Data Leak

Web services managed by Edito CMS Content Management System in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user. id: CVE-2024-4836 info: name: Edito CMS - Sensitive Data Leak author: s4e-io severity: high description: | Web...

7.5CVSS6.1AI score0.02651EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago131 views

SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery

SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...

5.3CVSS6.6AI score0.61736EPSS
Exploits3References5
EUVD
EUVD
added 14 hours ago7 views

EUVD-2026-43249

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...

6.5CVSS6.3AI score
Exploits0References6
Nuclei
Nuclei
added 2 days ago60 views

Cisco ASA/FTD Software - Cross-Site Scripting

Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are...

6.1CVSS7AI score0.85439EPSS
Exploits2
NVD
NVD
added 4 days ago6 views

CVE-2026-53961

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS0.00221EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS0.00221EPSS
Exploits0References9
CVE
CVE
added 4 days ago8 views

CVE-2026-53961

CVE-2026-53961 concerns Discourse, an open-source discussion platform. Prior to the fixed versions, the AWS SES bounce webhook at POST /webhooks/aws did not bind SNS-signed messages to trusted TopicArn values, enabling any AWS account holder to publish forged Bounce notifications that revoke a ta...

6.5CVSS6AI score0.00221EPSS
Exploits0References9
Chainguard
Chainguard
added 4 days ago8 views

GHSA-MG7H-Q7HW-M596 vulnerabilities

Vulnerabilities for packages: linux-aws...

5.9AI score
Exploits0
NVD
NVD
added 5 days ago8 views

CVE-2026-35552

In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's...

8.1CVSS0.00276EPSS
Exploits0References2
CVE
CVE
added 5 days ago20 views

CVE-2026-54783

CoreWCF (Net Core port of WCF) has an XML Signature Wrapping vulnerability in WS-Security endorsing/signature verification prior to v1.8.1 and v1.9.1, where the ds:Signature may not cover the expected Security header target. An attacker who captures a signed SOAP envelope can replay arbitrary ser...

7.4CVSS6AI score0.00143EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-54773 CoreWCF: WS-Security signature substitution via document-wide Signature lookup

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS0.00238EPSS
Exploits0References6
CVE
CVE
added 5 days ago18 views

CVE-2026-54773

CoreWCF WS-Security signature substitution vulnerability: prior to versions 1.8.1 and 1.9.1, WS-Security verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause attacker-supplied ds:Signature to b...

5.9CVSS6AI score0.00238EPSS
Exploits0References6
NVD
NVD
added 5 days ago5 views

CVE-2026-58501

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS0.00252EPSS
Exploits0References3
Chainguard
Chainguard
added 5 days ago6 views

GHSA-QHPR-79XW-32M8 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago5 views

GHSA-Q6QM-26CH-2W94 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago7 views

GHSA-J962-FX34-5263 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago5 views

GHSA-GM9P-3W2C-C6QG vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago6 views

GHSA-HFRJ-R4V7-3997 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago7 views

GHSA-JPVF-6235-4RH8 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago6 views

GHSA-F3Q5-7M6P-4QXQ vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-aws, linux-qemu, linux-gcp, linux-azure, linux-vmware...

6.1AI score
Exploits0
Rows per page
Query Builder