Lucene search
K

2960 matches found

OSV
OSV
added 2026/06/07 7:24 p.m.8 views

MINI-M8RJ-8QFC-4PHR

Bulletin has no description...

7.5CVSS5.2AI score0.00359EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/07 4:47 a.m.10 views

SUSE CVE-2026-11017

Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 8:17 p.m.13 views

CVE-2026-46401

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

5.3CVSS0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-43991

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion...

8.4CVSS5.7AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 1:16 p.m.40 views

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/06/02 6:32 p.m.89 views

CVE-2026-47265

AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References2Affected Software1
Chainguard
Chainguard
added 2026/06/01 7:18 p.m.12 views

GHSA-X368-4G9H-FVV4 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, py3-vllm-cuda-12.9...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/01 7:18 p.m.19 views

CVE-2026-44222 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0...

7.5CVSS5.8AI score0.00414EPSS
Exploits1
NVD
NVD
added 2026/05/29 1:16 p.m.24 views

CVE-2026-45043

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

9.3CVSS0.00226EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.70 views

📄 D-Link DSL2600U Password Disclosure

D-Link DSL2600U suffers from an administrative password disclosure vulnerability. Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmwar...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/28 10:25 p.m.40 views

CVE-2026-9996

Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44782

These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.02219EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.22 views

PT-2026-44776

These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.02219EPSS
Exploits0References16
CVE
CVE
added 2026/05/27 2:54 p.m.47 views

CVE-2026-45022

CVE-2026-45022 affects the Go Git library, go-git, where prior to v5.19.0 and v6.0.0-alpha.3 it may parse malformed commit/tag objects differently from upstream Git. The decoded representation can expose values differently and the commit signing/verification may operate on reconstructed data rath...

7.5CVSS5.8AI score0.00159EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/26 4:49 p.m.3 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6.2AI score0.01252EPSS
Exploits2References7
Exploit DB
Exploit DB
added 2026/05/26 12:0 a.m.76 views

D-Link DSL2600U - 'rom-0' Admin Password Disclosure

Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmware Version: v1.08 from routersploit.libs.lzs.lzs import LZSDecompress import reques...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42856

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

8.2CVSS5.4AI score0.00373EPSS
Exploits0References2
Debian
Debian
added 2026/05/20 6:59 p.m.23 views

[SECURITY] [DSA 6284-1] pdns security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6284-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 20, 2026 https://www.debian.org/security/faq -...

8.6CVSS5.8AI score0.00365EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in imagemagick

In the function SetImageExtent in /MagickCore/image.c, an incorrect image depth value can lead to a memory leak. This occurs because the code that checks for the correct image depth value does not reset the value if an invalid size is encountered. The patch resets the depth value to a valid one...

4.3CVSS6.7AI score0.00852EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in imagemagick

There are 4 locations in HistogramCompare in MagickCore/histogram.c where integer overflow is possible during simple mathematical calculations. This occurs with the rgb values and the count value for a color. The patch uses casts to the ssizet type for these calculations, rather than using int...

4.3CVSS6.6AI score0.01163EPSS
Exploits1References2
Rows per page
Query Builder