Lucene search
+L

11418 matches found

EUVD
EUVD
added 2026/05/25 8:20 p.m.14 views

EUVD-2026-31738

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.8AI score0.00352EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/25 8:20 p.m.17 views

CVE-2026-48589

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.4CVSS5.8AI score0.00352EPSS
Exploits0
CVE
CVE
added 2026/05/25 2:15 p.m.28 views

CVE-2018-25378

Notebook Pro 2.0 is affected by a local denial-of-service vulnerability in the New Notebook Name field. An attacker can crash the application by supplying a string of 500+ characters, e.g., via a crafted text file pasted into the name field and attempting to create/save the notebook. The vulnerab...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.17 views

Apache Shiro 安全漏洞

Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions 2.0-alpha through 2.2.0 and 3.0.0-alpha-1, which stems from insufficient...

5.4CVSS5.8AI score0.00352EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016736 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

10CVSS7.3AI score0.99999EPSS
Exploits355References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016700)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016700 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

5.9CVSS7AI score0.99999EPSS
Exploits21References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016738 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

8.5CVSS7.7AI score0.97906EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016719)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016719 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

5.9CVSS7AI score0.99999EPSS
Exploits21References4
Cvelist
Cvelist
added 2026/05/21 9:20 p.m.33 views

CVE-2026-7887 For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 suspended, banned, terminated employee can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...

2.3CVSS0.00172EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in gtk+3.0, gtk+2.0

A flaw was discovered in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...

7CVSS7.1AI score0.00464EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.8 views

@agentscope-ai/chat (>=1.1.43 <=1.1.68-beta.1780902884191), @ant-design/charts (>=2.2.2 <=2.6.7) +72 more potentially affected by unknown CVE via @antv/g-svg (>=2.0.0 <=2.1.1)

@antv/g-svg NPM version =2.0.0, =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.1.0, =2.0.0, =2.0.0, =0.1.6, =0.1.0, =0.1.0, =1.2.0, =2.0.28, =0.0.18, =0.0.23 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGSVG-16754949...

5.7AI score
Exploits0
OSV
OSV
added 2026/05/13 12:0 p.m.17 views

MAL-2026-3715 Malicious code in solc-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2016baa4fe29c296464b8381f88440457a113d79e2773d2252eb609a15ea2e03 package.json's postinstall lifecycle script runs node -e to base64-decode a hidden URL and pipe its contents to bash: curl -s...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.21 views

PT-2026-39460

A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib worker loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure...

5.1CVSS5.6AI score0.0019EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 1:38 p.m.38 views

CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

7.5CVSS0.0076EPSS
Exploits1References1
HackRead
HackRead
added 2026/05/03 4:7 p.m.10 views

Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly

VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/01 9:30 a.m.8 views

ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2590 more potentially affected by CVE-2026-42402 via org.apache.neethi:neethi (>=2.0 <=3.2.1)

org.apache.neethi:neethi MAVEN version =2.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42402 Source advisory: OSV:GHSA-G36M-9G3M-2VMP...

7.5CVSS5.4AI score0.00711EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.5 views

CVE-2026-7151

A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed an...

9CVSS8.7AI score0.00632EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:30 p.m.2 views

CVE-2026-7160

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

9CVSS5.2AI score0.03269EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/27 8:16 p.m.5 views

CVE-2026-7151

A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed an...

9CVSS0.00632EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 7:15 p.m.3 views

CVE-2026-7151

A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed an...

9CVSS8.8AI score0.00632EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder