Lucene search
K
VulnrichmentRecent

161701 matches found

Vulnrichment
Vulnrichment
•added 2026/06/23 3:41 p.m.•4 views

CVE-2026-54311 n8n: Merge Node SQL Mode Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...

6CVSS6AI score0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 3:36 p.m.•7 views

CVE-2026-56695 OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/23 3:35 p.m.•6 views

CVE-2026-56694 NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/23 3:35 p.m.•7 views

CVE-2026-56693 NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

6.8CVSS6AI score0.00113EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/23 3:34 p.m.•5 views

CVE-2026-56692 NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/23 3:34 p.m.•7 views

CVE-2026-56402 NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response...

7.1CVSS5.9AI score0.00213EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/23 3:33 p.m.•4 views

CVE-2026-54314 n8n: Denial of Service via ZIP decompression in webhook workflow

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public...

6.3CVSS5.9AI score0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 3:33 p.m.•4 views

CVE-2026-54312 n8n: Microsoft SQL Node Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype...

7.2CVSS5.9AI score0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 3:32 p.m.•4 views

CVE-2026-54303 n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

6.8CVSS5.8AI score0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 3:31 p.m.•5 views

CVE-2026-54313 n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 3:17 p.m.•6 views

CVE-2025-15619 HCL Connections is vulnerable to broken access control

HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...

3.5CVSS5.8AI score0.00098EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 3:7 p.m.•21 views

CVE-2026-55766 guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled dat...

4.8CVSS5.8AI score0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 3:5 p.m.•3 views

CVE-2026-55767 Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the empty string; SetCookie::valida...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 2:48 p.m.•5 views

CVE-2025-62180 Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 2:25 p.m.•5 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS5.9AI score0.00408EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/23 2:20 p.m.•26 views

CVE-2026-28496 FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS6.4AI score0.01892EPSS
Exploits1References3
Vulnrichment
Vulnrichment
•added 2026/06/23 1:57 p.m.•6 views

CVE-2026-56815

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...

7.4CVSS5.9AI score0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 1:48 p.m.•6 views

CVE-2026-35019 NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

9.2CVSS5.9AI score0.00431EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/23 1:46 p.m.•4 views

CVE-2026-35018 NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS6.8AI score0.00664EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/23 1:31 p.m.•10 views

CVE-2026-11772 Reflected XSS in DRIMO CMS

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 1:28 p.m.•7 views

CVE-2026-12969 Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

5.3CVSS6AI score0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 1:26 p.m.•9 views

CVE-2026-10609 Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8CVSS5.8AI score0.00226EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:32 p.m.•3 views

CVE-2026-4610 ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00201EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/23 12:31 p.m.•8 views

CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
Vulnrichment
Vulnrichment
•added 2026/06/23 12:15 p.m.•7 views

CVE-2026-10857 Reflected XSS in Akinsoft's e-Commerce

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•4 views

CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint

OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•9 views

CVE-2026-56762 Hono - Missing Cookie Name Validation in setCookie()

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•5 views

CVE-2026-56701 Grav - XML External Entity Injection via SVG Upload

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexmlloadstring without disabling external entity loading, enabling attackers to inject XXE payloads...

7.1CVSS6AI score0.00233EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•5 views

CVE-2026-56379 ImageMagick - Command Injection via SVG Decoder

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

9.2CVSS6.1AI score0.00895EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•4 views

CVE-2026-56371 ImageMagick - Memory Leak in TXT File Processing via Texture Attribute

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•7 views

CVE-2026-56376 ImageMagick - Heap Use-After-Free in Meta Coder

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•5 views

CVE-2026-56322 Capgo - Information Disclosure via Unauthenticated /updates defaultChannel Parameter

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...

8.7CVSS5.9AI score0.00334EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•6 views

CVE-2026-56301 Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6AI score0.00103EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•5 views

CVE-2026-56315 picklescan - Remote Code Execution via Unblocked Standard Library Modules

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8CVSS6.7AI score0.00757EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•5 views

CVE-2026-56275 Flowise - Server-Side Request Forgery via Execute Flow Base URL

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS5.9AI score0.00183EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•4 views

CVE-2026-56263 Crawl4AI - Stored Cross-Site Scripting in Monitor Dashboard

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/23 12:13 p.m.•4 views

CVE-2026-56274 Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2026-56258 Crawl4AI - Arbitrary File Write via output_path Symlink and TOCTOU

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS6.5AI score0.00656EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•6 views

CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•7 views

CVE-2026-56243 Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforcehashedapikeys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•6 views

CVE-2026-56234 Capgo - Password Spraying via Public-Key Accessible Credential Validation Endpoint

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2026-56225 Capgo - Authorization Bypass in API Key Management via App-Limited Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...

8.7CVSS5.9AI score0.00292EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2026-56222 Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings

Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...

8.6CVSS6AI score0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2025-71376 picklescan - Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2025-71370 picklescan - Remote Code Execution via torch.jit.unsupported_tensor_ops.execWrapper

picklescan before 0.0.28 fails to detect malicious torch.jit.unsupportedtensorops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...

8.1CVSS6.2AI score0.00379EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2025-71341 picklescan - Remote Code Execution via Undetected profile.Profile.runctx

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS6.5AI score0.00466EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2025-71365 picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS6.3AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2025-71337 Flowise - Unverified Email Change via Account Profile Endpoint

Flowise before 3.0.10 affected versions 3.0.7 and earlier contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the...

8.7CVSS5.8AI score0.00296EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:12 p.m.•5 views

CVE-2023-54365 Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...

8.7CVSS5.9AI score0.00566EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/23 12:8 p.m.•7 views

CVE-2026-10711 RCE in Akınsoft's CafePlus

Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CafePlus: from 12.05.03 before 12.05.04...

8.8CVSS5.9AI score0.00228EPSS
Exploits0References1
Total number of security vulnerabilities161701