Lucene search
K

2960 matches found

Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57218 RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

4.9CVSS0.00321EPSS
Exploits1References6
CVE
CVE
added 2026/07/08 2:16 p.m.8 views

CVE-2026-10698

CVE-2026-10698 is an Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer, specifically affecting the Custom Reports module . Affected versions are MOVEit Transfer 2025.0.0–before 2025.0.8, 2025.1.0–before 2025.1.4, and 2026.0.0–before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-996 TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`

Impact When tensorflow::fulltype::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status. cpp Status SubstituteForEachAttrMap& attrs, FullTypeDef& t DCHECKEQt.argssize, 3; const auto& cont = t.args0; const auto& tmpl =...

7.5CVSS7.1AI score0.00547EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 8:16 p.m.12 views

DEBIAN-CVE-2026-41515

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses...

3.3CVSS6AI score0.00094EPSS
Exploits0References1
Debian
Debian
added 2026/07/05 11:13 a.m.6 views

[SECURITY] [DSA 6379-1] bird3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6379-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2026 https://www.debian.org/security/faq -...

5.9AI score
Exploits0
Photon
Photon
added 2026/07/04 12:0 a.m.5 views

Important Photon OS Security Update - PHSA-2026-4.0-1050

Updates of 'docker' packages of Photon OS have been released...

7.5CVSS5.9AI score0.00153EPSS
Exploits0
Debian
Debian
added 2026/06/28 2:13 p.m.13 views

[SECURITY] [DSA 6372-1] tor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6372-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 28, 2026 https://www.debian.org/security/faq -...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/06/26 1:14 a.m.12 views

[SECURITY] Fedora 43 Update: librabbitmq-0.16.0-1.fc43

This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1...

5.8AI score
Exploits0
Debian
Debian
added 2026/06/22 7:26 p.m.24 views

[SECURITY] [DSA 6361-1] ffmpeg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6361-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 22, 2026 https://www.debian.org/security/faq -...

8.8CVSS6.1AI score0.00477EPSS
Exploits4
Cvelist
Cvelist
added 2026/06/18 8:52 p.m.25 views

CVE-2026-49454 Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS0.00135EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.66 views

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

10CVSS8.4AI score0.6773EPSS
Exploits16Affected Software1
Debian
Debian
added 2026/06/15 8:30 p.m.12 views

[SECURITY] [DSA 6347-1] bird2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6347-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2026 https://www.debian.org/security/faq -...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.12 views

GitLab 12.0 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-3553)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

3.1CVSS5.5AI score0.00236EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/10 11:12 p.m.10 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.5AI score0.00103EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 9:0 a.m.7 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 9:0 a.m.13 views

EUVD-2026-35034

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.6AI score0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/08 9:0 a.m.45 views

CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS0.00281EPSS
Exploits0References8
CVE
CVE
added 2026/06/08 9:0 a.m.38 views

CVE-2026-11500

The CVE affects Weaviate up to version 1.37.7, specifically the Static API Key Handler’s validateConfig function in usecases/auth/authentication/apikey/client.go. The issue arises from manipulation of the StaticApiKey argument, enabling remote authorization bypass. The vulnerability has a publicl...

5CVSS4.9AI score0.00281EPSS
Exploits0References8
OSV
OSV
added 2026/06/08 9:0 a.m.2 views

CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

2.3CVSS5AI score0.00281EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.19 views

PT-2026-47262

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References9
Rows per page
Query Builder