Lucene search
K

2849360 matches found

NVD
NVD
added yesterday5 views

CVE-2026-59195

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added yesterday35 views

Security Bulletin: IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (CVE-2026-10109)

Summary IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. Vulnerability Details CVEID:CVE-2026-10109 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshak...

9.8CVSS6.6AI score0.0086EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-40140 High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...

8.7CVSS6AI score
Exploits0References1
Circl
Circl
added yesterday8 views

CVE-2026-59195

creationtimestamp| type| source ---|---|--- 2026-07-06 16:13:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyiac7bhz2h 2026-07-07 09:00:57+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mq2akkns5g2g...

8.2CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-41887

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.2CVSS6AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-41886

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score
Exploits0References2
Circl
Circl
added yesterday7 views

CVE-2026-13708

creationtimestamp| type| source ---|---|--- 2026-07-06 16:06:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhtqbcj22n 2026-07-06 16:57:46+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mpykq7ysww2t...

7.5CVSS5.9AI score
Exploits0References2
Circl
Circl
added yesterday7 views

CVE-2026-58203

creationtimestamp| type| source ---|---|--- 2026-07-06 16:04:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhq5g5xd27...

5.3CVSS5.9AI score
Exploits0References1
Circl
Circl
added yesterday6 views

CVE-2025-53827

creationtimestamp| type| source ---|---|--- 2026-07-06 16:02:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhmrqo542c 2026-07-06 17:24:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpym7ct5ri23...

9.1CVSS5.9AI score
Exploits0References2
Circl
Circl
added yesterday6 views

CVE-2025-53830

creationtimestamp| type| source ---|---|--- 2026-07-06 16:00:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhjmgtvk2d 2026-07-06 16:24:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpyity4fct2z...

9.1CVSS5.9AI score
Exploits0References2
Circl
Circl
added yesterday7 views

CVE-2026-59196

creationtimestamp| type| source ---|---|--- 2026-07-06 15:58:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhgmpw5b27...

7.1CVSS5.9AI score
Exploits0References1
Circl
Circl
added yesterday6 views

CVE-2026-5268

creationtimestamp| type| source ---|---|--- 2026-07-06 15:57:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhdrykfp22 2026-07-06 19:26:08+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpyszhqb762x...

9.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-41885

Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line Description: SvmDoccatModel.deserializeInputStream reads an attacker-controlled stream with...

7.3CVSS6.7AI score
Exploits0References1
OSV
OSV
added yesterday5 views

BIT-PYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References58
CVE
CVE
added yesterday9 views

CVE-2026-5268

Technical details about CVE-2026-5268 are not publicly provided in the supplied documents. No affected products, versions, root cause, or remediation are enumerated here. Monitor for updates and additional technical disclosures.

9.1CVSS6AI score
Exploits0References1
OSV
OSV
added yesterday6 views

BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
CVE
CVE
added yesterday8 views

CVE-2026-59195

CVE-2026-59195 affects pnpm prior to versions 10.34.4 and 11.8.0. The issue arises when pnpm reads package names from the env lockfile’s configDependencies section and uses those names directly to create config dependency symlinks under node_modules/.pnpm-config. A crafted pnpm-lock.yaml with a t...

8.2CVSS6AI score
Exploits0References1
Rows per page
Query Builder