Lucene search
+L
CvelistRecent

367067 matches found

Cvelist
Cvelist
•added 1 hour ago•8 views

CVE-2026-56171 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
•added 1 hour ago•5 views

CVE-2026-57980 Microsoft Edge (Chromium-based) Tampering Vulnerability

...

5.4CVSS
Exploits0References1
Cvelist
Cvelist
•added 1 hour ago•7 views

CVE-2026-56740 JLine: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables in TelnetIO.java:1127-1180...

7.5CVSS
Exploits0References9
Cvelist
Cvelist
•added 1 hour ago•6 views

CVE-2026-56741 JLine: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS in TelnetIO.java:856-879 reads client-supplied...

7.5CVSS
Exploits0References7
Cvelist
Cvelist
•added 1 hour ago•6 views

CVE-2026-48049 @hapi/inert: Static-file confinement bypass via sibling-prefix path

@hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static files from a directory configured with path in the directory or file handlers or relativeTo for h.file, with confinement enforced by the confine option, but the confinement check...

5.3CVSS0.00062EPSS
Exploits0References4
Cvelist
Cvelist
•added 1 hour ago•7 views

CVE-2026-48022 @hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

@hapi/wreck is an HTTP client utility. Prior to 18.1.2, Wreck strips credential headers including Authorization, Cookie, and Proxy-Authorization before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port, so credentials are forwarded intact...

6.5CVSS0.0001EPSS
Exploits0References4
Cvelist
Cvelist
•added 1 hour ago•5 views

CVE-2026-44979 @hapi/wreck : Sensitive `Proxy-Authorization` header leaked across cross-hostname redirects

@hapi/wreck is an HTTP client utility. Prior to 18.1.1, when @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped, and the standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing...

6.3CVSS0.00054EPSS
Exploits0References4
Cvelist
Cvelist
•added 1 hour ago•4 views

CVE-2026-49485 HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.9 and 6.9.4.2, all implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation, and the FHIRPath functions matches,...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 1 hour ago•5 views

CVE-2026-54335 Feathersjs: Prototype pollution in @feathersjs/commons _.merge via JSON-parsed __proto__

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In 5.0.44 and earlier, the .mergetarget, source utility exported by @feathersjs/commons recursively merges source into target by iterating Object.keyssource. When source was produced by...

3.7CVSS
Exploits0References4
Cvelist
Cvelist
•added 1 hour ago•4 views

CVE-2026-54490 websocket-driver: Resource limit bypass via message compression

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, if this library is used with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size because the limit is checked...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
•added 1 hour ago•4 views

CVE-2026-54466 websocket-driver: Message corruption via abuse of protocol length headers

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, the frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite...

9.2CVSS
Exploits0References2
Cvelist
Cvelist
•added 1 hour ago•5 views

CVE-2026-55518 Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run t...

9.6CVSS
Exploits0References4
Cvelist
Cvelist
•added 1 hour ago•5 views

CVE-2026-54498 view_component: around_render HTML-Safety Bypass

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk...

8.7CVSS
Exploits0References4
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-54497 view_component: Reused Component Instances Retain Stale Render Context

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base instances retain render-scoped objects across calls to renderin; if the same component, collection, or spacer component instance is reused...

6.8CVSS
Exploits0References3
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-13445 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the attacker's workflow reads victim file contents,...

8.1CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-13446 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

9.8CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-50271 dd-trace-py: Improper parsing of W3C baggage headers may lead to DoS

Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES limits on the extract path. A remote, unauthenticated...

7.5CVSS0.00106EPSS
Exploits0References4
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-50274 dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or...

7.5CVSS0.00106EPSS
Exploits0References4
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-54159 ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

PrestaShop psfacetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the psfacetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken from the URL without sufficient validation and stored ...

10CVSS0.00092EPSS
Exploits0References3
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-45785 OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. In 3.1.3 and earlier, the BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry OpenMcdf/DirectoryTree.cs:35-46 walks directory entries by repeatedly calling...

6.2CVSS0.00017EPSS
Exploits0References3
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-48062 CodeIgniter: Uploaded file extension validation bypass in `ext_in` rule

CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the extin upload validation rule in system/Validation/StrictRules/FileRules.php checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing...

9.8CVSS0.00078EPSS
Exploits0References3
Cvelist
Cvelist
•added 2 hours ago•8 views

CVE-2026-53727 css_parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...

8.9CVSS
Exploits0References4
Cvelist
Cvelist
•added 2 hours ago•5 views

CVE-2026-50272 dd-trace: Improper parsing of W3C baggage headers may lead to DoS

dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing/propagation/textmap.js parsed incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on...

7.5CVSS0.00106EPSS
Exploits0References4
Cvelist
Cvelist
•added 2 hours ago•7 views

CVE-2026-45784 rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.50 until 0.10.80, CipherCtxRef::cipherupdateinplace in openssl/src/cipherctx.rs incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8...

5.1CVSS0.00019EPSS
Exploits0References4
Cvelist
Cvelist
•added 2 hours ago•5 views

CVE-2026-54243 Statamic: CSV formula injection in form submission exports

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...

6.1CVSS
Exploits0References5
Cvelist
Cvelist
•added 2 hours ago•5 views

CVE-2026-54242 Statamic: Server-Side Request Forgery via Glide (DNS rebinding)

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly...

4.9CVSS
Exploits0References5
Cvelist
Cvelist
•added 2 hours ago•5 views

CVE-2026-54244 Statamic: Incorrect authorization lets view-only users submit Live Preview content reserved for editors

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A...

3.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 2 hours ago•7 views

CVE-2026-49977 tarteaucitron.js: data-cookie attribute can be used to delete arbitrary cookies

tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.33.0, tarteaucitron.cookie.purge is called on any element with the purgeBtn class and does not check whether the element is a legitimate tarteaucitron button or whether the cookie corresponds to a service handled by...

4.3CVSS
Exploits0References3
Cvelist
Cvelist
•added 2 hours ago•6 views

CVE-2026-54163 secure_headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input

secureheaders manages application of security headers with many safe defaults. Prior to 7.3.0, secureheaders builds the Content-Security-Policy value by stitching directives with ; separators, and buildsandboxlistdirective, buildmediatypelistdirective, and buildreporttodirective interpolate...

4.7CVSS0.00031EPSS
Exploits0References3
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-44891 Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS
Exploits0References7
Cvelist
Cvelist
•added 2 hours ago•5 views

CVE-2026-16074 AstrBotDevs AstrBot Plugin Update plugin.py update_all_plugins server-side request forgery

A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function updateplugin/updateallplugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument downloadurl/downloadurls/proxy results in server-side...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-48504 OpenTelemetry Rust: Unbounded memory allocation in W3C Baggage propagation

OpenTelemetry Rust is the Rust OpenTelemetry implementation. In 0.32.0 and earlier, BaggagePropagator::extractwithcontext in opentelemetrysdk did not enforce W3C Baggage size limits before parsing an inbound baggage header, so a large attacker-controlled header could cause unnecessary CPU work an...

5.3CVSS0.00096EPSS
Exploits0References2
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-44974 Parameter smuggling in @hapi/content header parser allows upload-filter bypass via duplicate parameters

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-54171 Excon: redact additional sensitive/risky headers when following redirects

Excon is usable, fast, simple HTTP 1.1 for Ruby. Prior to 1.5.0, Excon's RedirectFollower middleware failed to strip additional sensitive headers when following redirects and did not provide a custom list of headers to strip. This could cause inadvertent leakage of sensitive data when the initial...

6.5CVSS
Exploits0References3
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-54465 websocket-driver: Memory exhaustion in HTTP header parser

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server or to complement a WebSocket client, a peer can make a single connection consume an unbounded...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-54463 websocket-driver: Memory exhaustion via abuse of protocol length headers

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an...

6.9CVSS
Exploits0References2
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-54464 websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
•added 2 hours ago•6 views

CVE-2026-13448 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...

8.1CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-13473 IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow

IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server ...

8.1CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-14499 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-14501 Use of Potentially Dangerous Functionthat in IBM Db2 Genius Hub

IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute arbitrary code or obtain sensitive information due to the use of dangerous functions without sufficient restrictions...

4.3CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-55254 NCalc: Denial of Service via Unbounded and Non-Terminating Factorial Evaluation

NCalc is a fast, lightweight expression evaluator for .NET. Prior to 6.1.1, the factorial operator implementation in src/NCalc.Core/Helpers/MathHelper.cs permits specially crafted expressions with extremely large factorial operands, causing excessive CPU consumption or a non-terminating loop due ...

4.8CVSS
Exploits0References4
Cvelist
Cvelist
•added 2 hours ago•5 views

CVE-2026-46420 setup-php: Command Injection in Repository-Derived PHP Version Resolution

setup-php is a GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and tools. From 2.25.0 prior to 2.37.1, shivammathur/setup-php resolves the PHP version from repository-controlled files such as .php-version, composer.lock through platform-overrides.php, and...

5.6CVSS0.01576EPSS
Exploits0References3
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-14971 This PowerVM Novalink update is being released to address

IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 2.3.02.3.0.12.3.12.3.2 IBM NovaLink APIs misconfiguration may increase attack surface and enable unintended or unauthorized operations under non-default conditions...

3.9CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-45799 Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service

Wire provides gRPC and protocol buffers for Android, Kotlin, Swift, and Java. Prior to 6.3.0 and 7.0.0-alpha03, ByteArrayProtoReader32.skipGroup and ProtoReader.skipGroup in wire-runtime do not validate that a LENGTHDELIMITED field length is non-negative before skip, allowing a crafted protobuf...

7.5CVSS0.00055EPSS
Exploits0References7
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-14979 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML Entity Expansion attack

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
•added 3 hours ago•7 views

CVE-2026-48819 Hey API: `buildClientParams` template: prototype chain substitution via unknown `$<slot>___proto__` key

Hey API is an ecosystem for turning API specifications into production-ready code. Prior to 0.97.3, dist/clients/core/params.ts ships a runtime template copied into generated SDKs as params.gen.ts, and buildClientParams writes unknown slot-prefixed keys such as $body, $headers, $path, and $query...

4.8CVSS
Exploits0References4
Cvelist
Cvelist
•added 3 hours ago•6 views

CVE-2026-16118 Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c

A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
•added 3 hours ago•7 views

CVE-2026-50289 systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux

systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...

8.7CVSS
Exploits0References3
Cvelist
Cvelist
•added 3 hours ago•7 views

CVE-2026-50151 oras-go: credential forwarding via unvalidated Location header in blob upload

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization header from the initial POST request for the...

7.5CVSS
Exploits0References4
Total number of security vulnerabilities367067