Lucene search
+L
VulnrichmentRecent

163701 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.10 views

CVE-2025-24284

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox...

5.4AI score0.00127EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.8 views

CVE-2025-24165

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination...

5.3AI score0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.12 views

CVE-2025-46313

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

6.5AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.10 views

CVE-2025-43278

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

5.2AI score0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.9 views

CVE-2025-46308

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...

5.4AI score0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:46 p.m.9 views

CVE-2026-47174 Duck Site: Untrusted pull request code can trigger privileged production deployment

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS5.3AI score0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:40 p.m.7 views

CVE-2026-45177 Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

9.1CVSS5.5AI score0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:38 p.m.12 views

CVE-2026-47170 Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

7.7CVSS5.4AI score0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:35 p.m.17 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS5.3AI score0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:34 p.m.8 views

CVE-2026-46519 mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which...

8.8CVSS5.6AI score0.00376EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:33 p.m.11 views

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

7.5CVSS5.6AI score0.00224EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 6:33 p.m.11 views

CVE-2026-48547 KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a childprocess.execSync cal...

8.5CVSS6AI score0.0091EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:33 p.m.10 views

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

6.9CVSS5.7AI score0.00303EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 6:32 p.m.11 views

CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.3CVSS5.4AI score0.00201EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 6:32 p.m.9 views

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

7.3CVSS5.8AI score0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 6:31 p.m.9 views

CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.1CVSS5.9AI score0.00135EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 6:31 p.m.12 views

CVE-2026-47189 Quest Bot: AutoMod removal can delete rules from another guild by global rule ID

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...

8.3CVSS5.4AI score0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:30 p.m.13 views

CVE-2026-47188 Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban and /unwarn still echo user-controlled reason text in public bot messages without allowedMentions. A...

2.3CVSS5.3AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:30 p.m.10 views

CVE-2026-47177 Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it ...

5.7CVSS5.4AI score0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:29 p.m.9 views

CVE-2026-47176 Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:29 p.m.10 views

CVE-2026-47175 Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...

2.3CVSS5.4AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:29 p.m.11 views

CVE-2026-47173 Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS5.2AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:28 p.m.9 views

CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:28 p.m.8 views

CVE-2026-47171 Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS5.4AI score0.00324EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:27 p.m.12 views

CVE-2026-47163 Quest Bot: Unprivileged users can create and remove AutoMod rules.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runti...

7.2CVSS5.4AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:25 p.m.10 views

CVE-2026-47169 Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the select...

7.5CVSS5.5AI score0.00238EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:19 p.m.8 views

CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

8.4CVSS5.5AI score0.00361EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:15 p.m.9 views

CVE-2026-53702 Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.7AI score0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:15 p.m.8 views

CVE-2026-53701 Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gsth266parserparsepicturepartition gsth266parser.c, the loop iterates without checking that the slice index stays within bounds, writin...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 5:54 p.m.25 views

CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS5.9AI score0.0067EPSS
Exploits0References19
Vulnrichment
Vulnrichment
added 2026/06/11 5:53 p.m.9 views

CVE-2026-48546 KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

8.5CVSS6.7AI score0.00487EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 5:18 p.m.11 views

CVE-2026-47157 aiograpi: Unsafe signup challenge path handling

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 5:16 p.m.10 views

CVE-2026-46697 Fediverse Embeds: Unauthenticated SSRF / open proxy via REST media-proxy endpoint

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy includes/MediaProxy.php with permissioncallback = returntrue that accepted a base64-encoded URL and forwarded it to wpremoteget$url without...

7.5CVSS5.4AI score0.00234EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 5:15 p.m.11 views

CVE-2026-46698 Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wpajaxnoprivftfgetsiteinfo includes/SiteInfo.php that verified a nonce ftf-fediverse-embeds-nonce and then called filegethtml$siteurl on the...

5.3CVSS5.4AI score0.00229EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 5:13 p.m.15 views

CVE-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.6AI score0.00998EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 5:0 p.m.10 views

CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 4:47 p.m.10 views

CVE-2026-11986 Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS5.4AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 3:53 p.m.9 views

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS5.5AI score0.00247EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:45 p.m.9 views

CVE-2026-49982 tmp: Type-confusion bypass of _assertPath in [email protected] allows path traversal via non-string prefix/postfix/template

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

8.2CVSS5.5AI score0.00496EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:42 p.m.10 views

CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

8.7CVSS5.3AI score0.00354EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:39 p.m.10 views

CVE-2026-44486 Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.4AI score0.00532EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:38 p.m.11 views

CVE-2026-44487 Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

8.2CVSS5.5AI score0.00664EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:37 p.m.21 views

CVE-2026-44488 Axios: Allocation of Resources Without Limits or Throttling in axios

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.5AI score0.0063EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:36 p.m.9 views

CVE-2026-44490 Axios: DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process e.g. lodash .merge / CVE-2018-16487, axios silently picks up the...

4.8CVSS5.5AI score0.00287EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:34 p.m.11 views

CVE-2026-44496 Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS5.5AI score0.00622EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:33 p.m.10 views

CVE-2026-44495 Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS5.3AI score0.00495EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:32 p.m.11 views

CVE-2026-44494 Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS5.4AI score0.01041EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:30 p.m.8 views

CVE-2026-44489 Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

3.7CVSS5.5AI score0.00228EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:29 p.m.11 views

CVE-2026-44492 Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...

8.6CVSS5.4AI score0.00889EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:10 p.m.13 views

CVE-2024-45636 IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.1CVSS5.4AI score0.00094EPSS
Exploits0References1
Total number of security vulnerabilities163701