Lucene search
K

2815 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.5 views

Fedora 43 : rust (2026-d7436d12ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d7436d12ae advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

6.5CVSS5.6AI score0.00328EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 4:16 p.m.9 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS0.00448EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.10 views

PT-2026-48456

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description Improper Restriction of Security Token Assignment occurs when administrative tokens are not invalidated after an administrator account is suspended, deleted, or deactivated. This allows continu...

7.2CVSS5.9AI score0.00448EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.15 views

Malicious code in grateful-checkout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2a9600ad3ee3fddd9f06425260c94edf660263800080787155a63d3e5212d12 On npm install, the postinstall hook in src/canary.js performs a DNS lookup and an HTTPS GET to a serveo tunnel host...

5.5AI score
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.20 views

CVE-2026-42768

Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

3.7CVSS0.0035EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:50 p.m.6 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 4:50 p.m.9 views

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: firefox

Issue Overview: Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk header on the next call to...

9.8CVSS5.8AI score0.00605EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/07 5:22 a.m.12 views

CVE-2026-11284

A side-channel information leakage flaw was found in the PerformanceAPIs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502073069...

6.5CVSS5.4AI score0.00237EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/07 5:13 a.m.10 views

CVE-2026-11233

An insufficient validation of untrusted input flaw was found in the FoldableAPIs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496088449...

8.7CVSS5.4AI score0.00177EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:41 a.m.11 views

SUSE CVE-2026-11234

Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.4AI score0.00177EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.12 views

SUSE CVE-2026-11284

Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.5AI score0.00237EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.15 views

CVE-2026-46391

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the...

8.7CVSS5.5AI score0.00457EPSS
Exploits0References1
OSV
OSV
added 2026/06/06 6:0 a.m.12 views

RLSA-2026:22643 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

7.5CVSS5.5AI score0.00605EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.11 views

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

6CVSS5.2AI score0.00214EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

Fedora 44 : rust (2026-e251935c8f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e251935c8f advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

6.5CVSS5.6AI score0.00328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-50224

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS5.4AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:18 p.m.10 views

CVE-2026-46391 HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the...

8.7CVSS5.4AI score0.00457EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 6:18 p.m.28 views

CVE-2026-46391

CVE-2026-46391 concerns HAX CMS/Open-apis where, from versions before 26.0.0, multiple functions perform substring-only hostname validation for basic auth destinations. The underlying issue is substring matching that can be manipulated by an attacker to exfiltrate credentials by directing request...

8.7CVSS5.5AI score0.00457EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.10 views

Chromium: CVE-2026-11233 Insufficient validation of untrusted input in FoldableAPIs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.7CVSS5.4AI score0.00177EPSS
Exploits0
Rows per page
Query Builder