Lucene search
K

2483 matches found

CVE
CVE
added yesterday7 views

CVE-2026-48206

Apache Camel JIRA: A vulnerability allows an unauthenticated HTTP client to bypass input validation by supplying non-Camel header names (IssueKey, ProjectKey, IssueTransitionId, etc.) that flow into jira: producers. This lets the attacker potentially drive JIRA operations (delete/transition issue...

5.3CVSS6.1AI score0.00161EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday31 views

DATAGERRY - REST API Auth Bypass

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. id: CVE-2024-46627 info: name: DATAGERRY - REST API Auth Bypass author: gy741 severity: critical description: | Incorrect access control in BECN DATAGERRY v2.2 allows attackers...

9.1CVSS6.2AI score0.04099EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago5 views

react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

7.5CVSS7.3AI score0.02499EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago5 views

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS6AI score0.00444EPSS
Exploits0References5
NVD
NVD
added last week6 views

CVE-2025-36319

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling...

4.3CVSS0.00422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53959

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.6 Description An authenticated attacker can perform a Server-Side Request Forgery SSRF, which occurs when a server is tricked into making requests to an unintended location. The issue exists because...

8.2CVSS6AI score0.00199EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:37 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Micrometer vulnerability that could allow Denial of Service (Dos) attacks

Summary IBM Terracotta uses Micrometer, a popular Java library used in Spring applications, for application monitoring within the product. Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a...

7.5CVSS5.8AI score0.00573EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2026/06/22 4:29 p.m.20 views

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...

6.2AI score
Exploits0
NVD
NVD
added 2026/06/19 12:16 a.m.10 views

CVE-2026-40624

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request...

9.8CVSS0.00616EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:54 p.m.68 views

CVE-2026-40624

CVE-2026-40624 affects AVer PTC cameras: PTC500S, PTC115, PTC500+, and PTC115+. The advisory states that improper input validation in these devices may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request. The CVSS metrics indicate a CRI...

9.8CVSS5.8AI score0.00616EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:54 p.m.7 views

CVE-2026-40624

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request...

9.8CVSS5.8AI score0.00616EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 5:7 p.m.13 views

CVE-2026-20265 Insecure Default Domain Allowlist in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS0.00217EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:43 a.m.9 views

Malicious code in metrics-probe-77d4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d079b30dbb30db1a61acddcd094d2e7e67e7ef466d624e4ad2392edc9d9203e On install, package.json runs postinstall: node run.js. run.js imports os, fs, http, https, and childprocess and at runtime collects host identifiers...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:41 a.m.6 views

MAL-2026-5992 Malicious code in runtime-metrics-w7k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:41 a.m.6 views

Malicious code in npm-sandbox-ping-r9t2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335649d395a44d7de1bc6343dbce1f0459414ef92ab149413a86b47e28f3c7c3 package.json declares a postinstall hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon14.js,...

5.6AI score
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 a.m.17 views

CVE-2026-7273

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90ABTQ.1C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request...

8.8CVSS0.00315EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36770

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

5.7AI score0.0056EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2026-50872

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

9.8CVSS0.0056EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/15 5:35 p.m.39 views

Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

Summary Nodemailer's disableFileAccess and disableUrlAccess options are intended to prevent message content and attachments from reading local files or fetching URLs. The normal MIME streaming path enforces those options in MimeNode.getStream. However, jsonTransport serializes messages by calling...

5.5AI score
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:15 p.m.14 views

Malicious code in @solana-labs/spl-toke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 490ce5d7e43d8a79aa85bbd24e7140ed074eee472f375092ab9b4cd650ce41f8 Package name @solana-labs/spl-toke is a one-character omission of the legitimate @solana-labs/spl-token package, abusing the official Solana Labs...

5.3AI score
Exploits0References8
Rows per page
Query Builder