Lucene search
K

1232017 matches found

NVD
NVD
added 9 minutes ago1 views

CVE-2026-61459

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS
Exploits0References5
NVD
NVD
added 9 minutes ago1 views

CVE-2026-55474

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...

7.1CVSS
Exploits0References4
NVD
NVD
added 9 minutes ago1 views

CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS
Exploits0References3
NVD
NVD
added 9 minutes ago1 views

CVE-2026-53450

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS
Exploits0References2
NVD
NVD
added 9 minutes ago1 views

CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS
Exploits0References4
NVD
NVD
added 9 minutes ago1 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

Exploits0References2
Cvelist
Cvelist
added 52 minutes ago3 views

CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS
Exploits0References5
CVE
CVE
added 52 minutes ago3 views

CVE-2026-61459

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added 57 minutes ago3 views

CVE-2026-55474 Snipe-IT: Directory traversal in displaySig

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...

7.1CVSS
Exploits0References4
CVE
CVE
added 57 minutes ago3 views

CVE-2026-55474

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...

7.1CVSS6.2AI score
Exploits0References4
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-15146 CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

Exploits0References2
CVE
CVE
added 1 hour ago3 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

6.2AI score
Exploits0References2
NVD
NVD
added 1 hour ago2 views

CVE-2026-55671

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...

2.3CVSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-53450 Coturn: IPv4-mapped 127.0.0.1 bypasses default loopback peer protection

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 1 hour ago2 views

CVE-2026-53450 Coturn: IPv4-mapped 127.0.0.1 bypasses default loopback peer protection

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42971

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS6.1AI score
Exploits0References2
CVE
CVE
added 1 hour ago7 views

CVE-2026-53450

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-53449 Coturn: Arbitrary File Write via CLI psd Command

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS
Exploits0References3
CVE
CVE
added 1 hour ago5 views

CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42970

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score
Exploits0References3
Rows per page
Query Builder