Lucene search
K

3385 matches found

CVE
CVE
added 2026/06/22 5:18 p.m.28 views

CVE-2026-54288

The CVE-2026-54288 issue affects the Hono Web framework prior to version 4.12.25, where the Body Limit Middleware trusts the request Content-Length header. On AWS Lambda environments (API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge), the body is fully buffered and the adapter builds the requ...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:18 p.m.33 views

CVE-2026-54288 Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:13 p.m.4 views

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 5:13 p.m.33 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.7 views

CVE-2026-10845

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...

7.3CVSS0.00337EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:43 p.m.7 views

EUVD-2026-38288

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...

7.3CVSS5.9AI score0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:43 p.m.52 views

CVE-2026-10845 IBM WebSphere Application Server is affected by an authentication bypass vulnerability

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...

0.00337EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51325

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server version 9.0 Description A remote attacker could bypass authentication to gain unauthorized access to JAX-WS applications. JAX-WS Java API for XML Web Services is a...

7.3CVSS5.8AI score0.00337EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...

7.4CVSS6AI score0.00143EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible’s amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to exploit the issue, as the module handles the parameter insecurely, resulting in the password being leaked in the logs...

7.5CVSS6.8AI score0.00712EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51081

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.9.1 Description CoreWCF SPNEGO SecurityContextToken SCT negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50900

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description The CRI checkpoint import process fails to validate...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References43
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.38 views

CVE-2026-12047 pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...

4.8CVSS0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 8:32 a.m.24 views

CVE-2025-10560 Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources

Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials...

9.3CVSS0.00388EPSS
Exploits1References2
CVE
CVE
added 2026/06/18 8:32 a.m.27 views

CVE-2025-10560

The CVE-CWE entry documents a vulnerability in Worksnaps before version 1.6.20260201 where hardcoded cloud credentials and related secret material were embedded in Worksnaps client binaries. The exposed data included AWS access keys and S3 bucket information, and the credentials authenticated as ...

9.3CVSS5.3AI score0.00388EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50648

Name of the Vulnerable Software and Affected Versions Worksnaps versions prior to 1.6.20260201 Description The Worksnaps client application binaries contain hardcoded cloud credentials and secret material. These exposed credentials include AWS access keys and S3 bucket names, which authenticated ...

9.3CVSS5.9AI score0.00388EPSS
Exploits1References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 9:34 p.m.9 views

Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

5.8AI score
Exploits0References5
Veracode
Veracode
added 2026/06/17 11:35 a.m.10 views

Authentication Bypass

Spring Web Services is vulnerable to Authentication Bypass. The vulnerability is due to X509AuthenticationProvider issuing a fully authenticated X509AuthenticationToken based solely on certificate-to-user mapping, without enforcing standard account status checks such as disabled, locked, expired,...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/17 10:40 a.m.9 views

CVE-2026-35267

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager...

8.8CVSS0.00432EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/17 9:37 a.m.9 views

Server-Side Request Forgery (SSRF)

Spring Web Services is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of WS-Addressing ReplyTo and FaultTo headers, where destinations supplied in incoming requests are used directly by configured WebServiceMessageSender instances to initiate...

8.6CVSS5.5AI score0.00383EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder