Lucene search
+L

706 matches found

OSV
OSV
added 2026/04/20 12:32 p.m.5 views

GHSA-5PV2-86QJ-5JF9 Cockpit has NoSQL Injection Through Content Aggregation Pipelines

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.3CVSS6.2AI score0.00232EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.6 views

Modeling Sparse and Bursty Vulnerability Sightings: Forecasting under Data Constraints

Understanding and anticipating vulnerability-related activity is a major challenge in cyber threat intelligence. This work investigates whether vulnerability sightings, such as proof-of-concept releases, detection templates, or online discussions, can be forecast over time. Building on our earlie...

5.8AI score
Exploits0
hivepro
hivepro
added 2026/04/13 5:49 a.m.3 views

What Is CAASM? Cyber Asset Attack Surface Management Explained

Your security team runs scans from five different tools. Each one gives you a different number of assets, a different count of vulnerabilities, and a different view of your risk. Meanwhile, your CMDB is outdated, shadow IT keeps expanding, and nobody can confidently answer a basic question: "What...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.7 views

DeepGuard Secure Code Generation

Large Language Models LLMs for code generation can replicate insecure patterns from their training data. To mitigate this, a common strategy for security hardening is to fine-tune models using supervision derived from the final transformer layer. However, this design may suffer from a final-layer...

5.9AI score
Exploits0
NVD
NVD
added 2026/04/07 9:17 p.m.10 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS0.00435EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/04/07 8:29 p.m.21 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.2AI score0.00435EPSS
Exploits1
OSV
OSV
added 2026/04/06 7:54 a.m.4 views

BIT-MONGODB-2026-4358 Memory safety issues in slot-based execution hash table spill

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...

7.5CVSS6AI score0.00342EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.4 views

CVE-2026-31891

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS5.9AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32306

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .appe...

9.9CVSS6.7AI score0.00603EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.6 views

CVE-2026-22322

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.9 views

CVE-2026-22323

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.4 views

Cockpit < 2.13.5 SQLi (GHSA-7x5c-vfhj-9628)

The version of Cockpit CMS running on the remote web server is prior to 2.13.5. It is, therefore, affected by a SQL injection vulnerability in the MongoLite Aggregation Optimizer. - An unsanitized field name in the toJsonExtractRaw method in lib/MongoLite/Aggregation/Optimizer.php allows an...

7.7CVSS6.1AI score0.00397EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a...

7.7CVSS5.9AI score0.00397EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-4148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or...

8.8CVSS5.8AI score0.00323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-4358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the...

7.5CVSS6.1AI score0.00342EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/18 9:30 a.m.7 views

EUVD-2026-12794

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/18 9:30 a.m.5 views

EUVD-2026-12791

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References2
NVD
NVD
added 2026/03/18 8:16 a.m.14 views

CVE-2026-22323

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

7.1CVSS0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/03/18 8:16 a.m.13 views

CVE-2026-22322

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/03/18 7:35 a.m.14 views

CVE-2026-22323

CVE-2026-22323 describes a CSRF flaw in the Link Aggregation configuration interface. An unauthenticated attacker can lure authenticated users to a malicious page to cause unauthorized POSTs, silently altering device configuration. Availability impact is low because the device auto-recovers after...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References1
Rows per page
Query Builder