Lucene search
+L

362 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.26 views

EulerOS Virtualization 2.13.0 : avahi (EulerOS-SA-2026-2394)

According to the versions of the avahi packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc...

6.5CVSS5.4AI score0.00252EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.36 views

CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

4.3CVSS0.00128EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.6 views

org.apache.fluss:fluss-dist (=0.8.0-incubating), org.apache.fluss:fluss-docgen (=0.9.0-incubating) +21 more potentially affected by CVE-2026-49361 via org.apache.fluss:fluss-common (>=0.8.0-incubating <=0.9.0-incubating)

org.apache.fluss:fluss-common MAVEN version =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating,...

7.5CVSS5.5AI score0.0058EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in unoconv

The unoconv package before version 0.9 mishandles untrusted pathnames, resulting in SSRF and local file inclusions...

7.5CVSS7.1AI score0.01927EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 7:48 p.m.4 views

CVE-2026-44555 Open WebUI: Base Model Routing Bypasses Access Control via Model Chaining

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via basemodelid: a user-defined model e.g., "Cheap Assistant" can reference an existing base model e.g., "gpt-4-turbo-restricted" that provides...

7.6CVSS6AI score0.00248EPSS
Exploits1References3
OSV
OSV
added 2026/05/05 6:46 p.m.6 views

GHSA-4V58-8P28-2RQ3 awslabs/tough is Missing Delegated Metadata Validation

Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/30 10:45 p.m.5 views

CVE-2026-7508 Bootstrap CMS Page Creation show.blade.php code injection

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

6.5CVSS6.3AI score0.00233EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/30 1:58 p.m.9 views

tomcat: security constraint bypass with HTTP/0.9

A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...

6.5CVSS7.2AI score0.00494EPSS
Exploits0References5
OSV
OSV
added 2026/04/17 1:3 p.m.13 views

OESA-2026-1986 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

5.5CVSS5.7AI score0.00203EPSS
Exploits1References2
OSV
OSV
added 2026/04/11 2:3 p.m.4 views

OESA-2026-1854 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

5.5CVSS5.7AI score0.00203EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local us...

5.5CVSS5.9AI score0.00203EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/03 11:17 p.m.8 views

CVE-2026-34933

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

5.5CVSS5.8AI score0.00203EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/03 10:43 p.m.25 views

CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

5.5CVSS5.8AI score0.00203EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/03 10:43 p.m.18 views

CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

5.5CVSS0.00203EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/03 10:43 p.m.8 views

EUVD-2026-18910

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

5.5CVSS5.8AI score0.00203EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.13 views

PT-2026-30270

Name of the Vulnerable Software and Affected Versions Avahi versions prior to 0.9-rc4 Description Avahi, a system for local network service discovery using mDNS/DNS-SD, is susceptible to a denial-of-service condition. An unprivileged local user can terminate the avahi-daemon process by sending a...

5.5CVSS5.8AI score0.00203EPSS
Exploits1References41
OSV
OSV
added 2026/04/01 9:31 a.m.10 views

CLEANSTART-2026-FN44356 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.10-r0, 0.11-r0, 0.9-r0, 0.9-r1, 0.9-r2

Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.02593EPSS
Exploits3References23
OSV
OSV
added 2026/03/20 2:24 p.m.7 views

OESA-2026-1651 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Improper Input Validation...

9.1CVSS5.7AI score0.00498EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 10:26 a.m.9 views

SUSE-SU-2026:0932-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

9.1CVSS7.4AI score0.00498EPSS
Exploits0References7
OSV
OSV
added 2026/03/18 9:15 a.m.4 views

SUSE-SU-2026:0922-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385...

6.5CVSS5.8AI score0.00494EPSS
Exploits0References3
Rows per page
Query Builder