Lucene search
K

395 matches found

EUVD
EUVD
added 2026/06/09 3:48 a.m.10 views

EUVD-2026-35322

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Spring Reactor Netty 信任管理问题漏洞

VMware Reactor Netty is a product of the US company VMware, which provides non-blocking and backpressure-compliant TCP/HTTP/UDP/QUIC clients and servers based on the Netty framework. Security vulnerabilities exist in versions 1.0.0 to 1.0.51, 1.1.0 to 1.1.35, 1.2.0 to 1.2.17, and 1.3.0 to 1.3.5 o...

6.1CVSS5.8AI score0.00172EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/08 12:55 p.m.11 views

Important: Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release

The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

9.8CVSS6.8AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/08 12:54 p.m.17 views

Important: Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release

The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

8.8CVSS7.2AI score0.00615EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/08 12:54 p.m.12 views

Important: Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release

The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

9.8CVSS6.2AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/08 12:34 p.m.15 views

Important: Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release

The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

9.9CVSS6.1AI score0.01186EPSS
Exploits3References7
Cvelist
Cvelist
added 2026/06/01 9:30 p.m.58 views

CVE-2026-10294 PackageKit API pk-transaction.c g_file_test improper authorization

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS0.00222EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/01 9:30 p.m.8 views

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/27 1:48 p.m.42 views

CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

5.9CVSS0.0036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 1:6 a.m.8 views

CVE-2025-71310

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

1.8CVSS5.7AI score0.00264EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.11 views

Alibaba Cloud Linux 3 : 0127: PackageKit (ALINUX3-SA-2026:0127)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0127 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-41651: PackageKit is a a D-Bus abstraction...

8.8CVSS6.1AI score0.0046EPSS
Exploits10References2
OSV
OSV
added 2026/05/20 7:15 p.m.7 views

MAL-2026-4195 Malicious code in instal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 988f86dc0694b7d27a640809cef5d04ed431a36bb02bb02e69e20724a20db2b9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/18 10:53 a.m.107 views

Exploit for OS Command Injection in Lfprojects Mlflow

Below is a structured, markdown-formatted vulnerability research...

9.6CVSS7.9AI score0.01328EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/05/15 6:36 p.m.11 views

CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 Denial of Service

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...

8.7CVSS5.8AI score0.00451EPSS
Exploits0References3
Amazon
Amazon
added 2026/05/14 12:0 a.m.11 views

Important: PackageKit

Issue Overview: PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transacti...

8.8CVSS6AI score0.0046EPSS
Exploits10
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.18 views

PT-2026-36672

Name of the Vulnerable Software and Affected Versions crmeb java versions prior to 1.3.5 Description An unrestricted file upload issue exists within the Admin Upload component, specifically affecting the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java...

5.8CVSS5.8AI score0.00223EPSS
Exploits0References8
OSV
OSV
added 2026/04/28 12:0 a.m.4 views

OPENSUSE-SU-2026:10629-1 PackageKit-1.3.5-1.1 on GA media

These are all security issues fixed in the PackageKit-1.3.5-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS5.2AI score0.0046EPSS
Exploits10References1
GithubExploit
GithubExploit
added 2026/04/23 9:58 a.m.221 views

Exploit for CVE-2026-41651

Pack2TheRoot — CVE-2026-41651 TOCTOU race condition in Pack...

8.8CVSS6AI score0.0046EPSS
Exploits10
Cvelist
Cvelist
added 2026/04/22 1:11 p.m.37 views

CVE-2026-41651 PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...

8.8CVSS0.0046EPSS
Exploits10References5
EUVD
EUVD
added 2026/04/22 1:11 p.m.4 views

EUVD-2026-24742

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...

8.8CVSS6AI score0.0046EPSS
Exploits10References5
Rows per page
Query Builder