Lucene search
K

23224 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.15 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3340 (ALAS-2026-3340)

The version of thunderbird installed on the remote host is prior to 140.11.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3340 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming th...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References34
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.16 views

Amazon Linux 2 : perl-Crypt-PasswdMD5, --advisory ALAS2-2026-3343 (ALAS-2026-3343)

The version of perl-Crypt-PasswdMD5 installed on the remote host is prior to 1.3-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3343 advisory. Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function ...

7.5CVSS5.5AI score0.00447EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.15 views

Amazon Linux 2 : perl, --advisory ALAS2-2026-3352 (ALAS-2026-3352)

The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3352 advisory. Buffer overflow in Perlstudychunk CVE-2026-8376 Tenable has extracted the preceding description block directly from the tested...

9.8CVSS5.6AI score0.00398EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

Amazon Linux 2 : capstone, --advisory ALAS2-2026-3351 (ALAS-2026-3351)

The version of capstone installed on the remote host is prior to 3.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3351 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a...

9.8CVSS7.8AI score0.00163EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-024 (ALASPOSTGRESQL14-2026-024)

The version of postgresql installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-024 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use...

8.8CVSS6.7AI score0.00668EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-120 (ALASECS-2026-120)

The version of ecs-init installed on the remote host is prior to 1.103.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-120 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.17 views

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3334 (ALAS-2026-3334)

The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3334 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...

10CVSS6.1AI score0.00513EPSS
Exploits0References40
GithubExploit
GithubExploit
added 2026/06/06 5:19 p.m.120 views

Exploit for CVE-2026-42926

CVE-2026-42926 NGINX HTTP/2 Frame Injection Lab A controlled...

6.3CVSS5.7AI score0.00339EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

RHEL 10 : mod_http2 (RHSA-2026:22528)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22528 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP...

7.5CVSS5.6AI score0.04409EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.39 views

Debian dsa-6323 : apache2 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6323 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6323-1 [email protected] https://www.debian.org/security/...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.10 views

CVE-2025-54518

A flaw was found in AMD Zen 2-based processors, affecting components such as the kernel and Xen hypervisor. Improper isolation of shared resources within the CPU operation cache could allow an attacker to corrupt instructions executed at a different privilege level. This could potentially result ...

7.3CVSS5.7AI score0.00258EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6395

The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2cadmin function, combined with missing inp...

6.1CVSS5.7AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-46685

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...

6CVSS5.5AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45044

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS5.5AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45042

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

7.1CVSS5.5AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44237

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

8.1CVSS5.4AI score0.00201EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/06/05 12:59 p.m.9 views

CVE-2026-41526 affecting package kf-kcoreaddons for versions less than 5.249.0-2

CVE-2026-41526 affecting package kf-kcoreaddons for versions less than 5.249.0-2. A patched version of the package is available...

7.8CVSS5.4AI score0.0017EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/05 12:59 p.m.10 views

CVE-2026-39882 affecting package containerd2 for versions less than 2.2.4-2

CVE-2026-39882 affecting package containerd2 for versions less than 2.2.4-2. A patched version of the package is available...

5.3CVSS7.1AI score0.0019EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/05 12:59 p.m.9 views

CVE-2026-33814 affecting package containerd2 for versions less than 2.2.4-2

CVE-2026-33814 affecting package containerd2 for versions less than 2.2.4-2. A patched version of the package is available...

7.5CVSS5.4AI score0.00781EPSS
Exploits0
Rows per page
Query Builder