Lucene search
+L

11418 matches found

Cloud Foundry
Cloud Foundry
added 2026/04/06 12:0 a.m.10 views

CVE-2026-22734 - UAA SAML 2.0 Signature Bypass | Cloud Foundry

Severity 8.8 / High CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N 8.6 / HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v77.21.0 through v78.8.0 are vulnerable to a bypass that allows an attacker to obtain a...

8.6CVSS5.3AI score0.00364EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 9:55 p.m.3 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty is affected by server-side request forgery with the samlWeb-2.0 feature enabled. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remot...

5.4CVSS5.9AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:53 p.m.6 views

Security Bulletin:IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or...

9.8CVSS5.9AI score0.00355EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:50 p.m.4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability with the samlWeb-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes secti...

5.4CVSS5.9AI score0.00284EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/01 12:23 a.m.8 views

@tinacms/app (>=0.0.0-0a1049d-20260309051347 <=2.4.0), @tinacms/cli (>=0.0.0-0a1049d-20260309051347 <=2.2.0) +4 more potentially affected by CVE-2026-34603 via @tinacms/graphql (>=2.0.0 <=2.2.1)

@tinacms/graphql NPM version =2.0.0, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =3.7.0 Source cves: CVE-2026-34603 Source advisory: SNYK:JS-TINACMSGRAPHQL-15870346...

8.3CVSS5.8AI score0.00408EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.3 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33343)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33343 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...

6.5CVSS6AI score0.0021EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.9 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33413)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33413 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...

8.8CVSS6AI score0.00249EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.11 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-69720)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-69720 advisory. - The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow...

9.8CVSS6.3AI score0.00414EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:56 p.m.4 views

CVE-2024-44722

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

9.8CVSS6AI score0.00505EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.38 views

CVE-2026-2496 Ed's Font Awesome <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edsfontawesome shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00243EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/03/18 6:31 p.m.18 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926) +668 more potentially affected by CVE-2026-33001 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.554)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =55.v51410e712e0c, =4.1.0.506.v619d63bec9d8, =66.v12c841920f7d, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =1.281.v331e3f5a05a9, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =1.0.6 and more Source...

8.8CVSS7.5AI score0.01161EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.9 views

EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2026-1580)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON...

7.5CVSS7.1AI score0.00524EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2026-1383)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...

6.1CVSS6AI score0.00179EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.8 views

EulerOS 2.0 SP12 : net-snmp (EulerOS-SA-2026-1375)

According to the versions of the net-snmp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp...

9.8CVSS6.1AI score0.4269EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.7 views

EulerOS 2.0 SP10 : libtasn1 (EulerOS-SA-2026-1343)

According to the versions of the libtasn1 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in...

7.5CVSS6.1AI score0.01109EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2026-1322)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...

8.9CVSS6.5AI score0.02667EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP12 : python-ldap (EulerOS-SA-2026-1377)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

6.9CVSS5.9AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2026-1340)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s...

5.5CVSS6.1AI score0.00157EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.31 views

EulerOS 2.0 SP10 : rsync (EulerOS-SA-2026-1349)

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array...

4.3CVSS5.9AI score0.00319EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.9 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2026-1593)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...

7.5CVSS6.5AI score0.0051EPSS
Exploits0References2
Rows per page
Query Builder