Lucene search
K

1305 matches found

CVE
CVE
added 2026/06/22 2:31 p.m.8 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...

5.3CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/06/22 1:15 p.m.6 views

EUVD-2024-55643

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.15 views

EUVD-2026-35340

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

3.7CVSS5.6AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.16 views

EUVD-2026-35338

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:49 a.m.47 views

CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

4.8CVSS0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47655

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description A Spring MVC or Spring WebFlux application...

6.1CVSS5.4AI score0.00134EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-3120

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS5.5AI score0.01182EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 11:56 p.m.6 views

GHSA-9HX7-C53C-V6X8 Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup

TL;DR This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and is independent from setup conditions and authentication. This vulnerability is of high severity for all Kirby sites. ---- Introduction Path traversal is a type of attack that allows to access arbitrary filesystem paths. By...

8.8CVSS6AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37726

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS5.8AI score0.02877EPSS
Exploits0References8
NVD
NVD
added 2026/05/04 12:16 p.m.13 views

CVE-2026-3120

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS0.01182EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 11:53 a.m.25 views

CVE-2026-3120

Affected product: SambaBox (Profelis Information and Consulting) – versions 5.1 up to 5.3 (exclusive). Issue: Improper control of code generation leading to OS command injection. This is a network-vector vulnerability with no user interaction, potentially enabling remote command execution; CVSSv3...

7.2CVSS5.8AI score0.01182EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 12:31 a.m.3 views

GHSA-6HCQ-HMM3-JJ3C Spring MVC and WebFlux has Server Sent Event stream corruption

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS5.9AI score0.00112EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 11:21 a.m.7 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jw...

8.2CVSS6.3AI score0.00743EPSS
Exploits5Affected Software1
vulnersOsv
vulnersOsv
added 2026/02/27 3:21 a.m.8 views

com.github.psi-probe:psi-probe-tomcat10 (>=5.0.0 <=5.3.0), com.github.psi-probe:psi-probe-tomcat11 (>=5.0.0 <=5.3.0) +5 more potentially affected by CVE-2026-3268 via com.github.psi-probe:psi-probe-core (>=3.0.0 <=5.3.0)

com.github.psi-probe:psi-probe-core MAVEN version =3.0.0, =5.0.0, =5.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.3.0 Source cves: CVE-2026-3268 Source advisory: SNYK:JAVA-COMGITHUBPSIPROBE-15369740...

5.5CVSS6AI score0.00226EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2026/01/22 12:18 p.m.6 views

Security update for libsodium

This update for libsodium fixes the following issues: CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.8CVSS5.5AI score0.00228EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/01/13 9:48 p.m.11 views

afipcaeqrdecode (=0.0.15), afw (>=0.0.6 <=0.0.21) +208 more potentially affected by CVE-2026-23949 via jaraco-context (>=5.3.0 <=6.0.2)

jaraco-context PYPI version =5.3.0, =0.0.6, =0.1.0, =0.1.23, =0.0.1, =0.9.5, =1.0.5, =0.1.6, =0.1.0, =0.0.2, =0.1.2, =1.0.1, =1.0.1.9 - azvaultcopy =1.0.0b1 and more Source cves: CVE-2026-23949 Source advisory: OSV:GHSA-58PV-8J8X-9VJ2...

8.6CVSS7.2AI score0.00527EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/09 10:15 a.m.14 views

CVE-2019-2704

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: IPS Package Manager. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris. Successfu...

5.3CVSS5.2AI score0.01366EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/06 11:22 a.m.6 views

Security Bulletin: Due to crypto.js in IBM WebSphere Application Server Liberty, IBM Operations Analytics - Log Analysis is affected by weaker than expected security

Summary crypto.js in IBM WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis is use to generate random numbers necessary for cryptographic operations. CVE-2020-36732. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for...

5.3CVSS6.6AI score0.01075EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress tagDiv Composer plugin <= 5.3 - Reflected Cross-Site Scripting via 'data' vulnerability

Reflected Cross-Site Scripting via 'data' vulnerability discovered by Truoc Phan - Techlab Corporation in WordPress Plugin tagDiv Composer versions = 5.3...

6.1CVSS5.4AI score0.00277EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:25 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for...

5.4CVSS7.9AI score0.00271EPSS
Exploits0Affected Software1
Rows per page
Query Builder