
9836 matches found

IBM Security Bulletins
added 2026/06/11 9:28 p.m. | 4 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Java that is shipped with IBM CICS TX Advanced

Summary: Multiple security vulnerabilities may affect IBM Java that is shipped with IBM CICS TX Advanced (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007). An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerabili...

CVSS 7.5 | AI score 7.2 | EPSS 0.00702
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/06/11 9:25 p.m. | 5 views

Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621).

Summary: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621). IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details: CVEID: CVE-2026-3621 DESCRIPTION:...

CVSS 7.5 | AI score 5.4 | EPSS 0.00276
Exploits: 0 | Affected Software: 1

EUVD
added 2026/06/11 8:33 p.m. | 14 views

EUVD-2026-34901

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance...

CVSS 8.6 | AI score 5.4 | EPSS 0.00305
Exploits: 0 | References: 4

RedHat Linux
added 2026/06/11 2:49 p.m. | 12 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.16.2 security update

Red Hat Advanced Cluster Management for Kubernetes 2.16 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.16 images Red Hat Advanced Cluster Management for Kubernetes provides...

CVSS 10 | AI score 7.6 | EPSS 0.01163
Exploits: 6 | References: 15

NVD
added 2026/06/11 12:16 p.m. | 15 views

CVE-2022-45813

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

CVSS 5.4 | EPSS 0.00227
Exploits: 0 | References: 1

Cvelist
added 2026/06/11 10:41 a.m. | 28 views

CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

CVSS 5.4 | EPSS 0.00227
Exploits: 0 | References: 1

RedHat Linux
added 2026/06/10 8:51 p.m. | 12 views

Important: Red Hat Security Advisory: Submariner v0.21 security fixes and container updates

Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 10 | AI score 6.8 | EPSS 0.02667
Exploits: 9 | References: 16

OSV
added 2026/06/10 12:0 a.m. | 50 views

ALSA-2026:25120 Critical: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: geneve: Fix use-after-free in geneve_find_dev (CVE-2025-21858); kernel: smc: Fix use-after-free in tcp_write_timer_handler (CVE-2023-53781)...

CVSS 9.8 | AI score 6.5 | EPSS 0.00563
Exploits: 0 | References: 28

Snyk
added 2026/06/09 6:33 p.m. | 6 views

Missing Cryptographic Step

Overview: Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-OCB provider when an application uses the EVP_Cipher interface. The handler silently discards the IV, so every message under a given key runs with the all-zero offset state, causing nonce reuse. If...

CVSS 9.1 | AI score 5.3 | EPSS 0.0032
Exploits: 0 | References: 2

NVD
added 2026/06/09 6:16 p.m. | 14 views

CVE-2025-54509

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP), potentially resulting in loss of integrity...

CVSS 4 | EPSS 0.00127
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/09 5:34 p.m. | 8 views

CVE-2026-28237

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

CVSS 6.8 | AI score 5.4 | EPSS 0.00098
Exploits: 0 | References: 1

EUVD
added 2026/06/09 5:33 p.m. | 15 views

EUVD-2026-35767

Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service...

CVSS 6.8 | AI score 5.5 | EPSS 0.001
Exploits: 0 | References: 1

NVD
added 2026/06/09 5:17 p.m. | 10 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

CVSS 7.5 | EPSS 0.0032
Exploits: 0 | References: 6

CVE
added 2026/06/09 4:3 p.m. | 253 views

CVE-2026-45445

CVE-2026-45445 describes a vulnerability in AES-OCB when using OpenSSL EVP_Cipher() in one-shot mode: the application-supplied IV is ignored, causing every encrypted message under the same key to use the same effective nonce. This leads to key/nonce reuse and potential confidentiality loss, and, ...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2026/06/09 1:16 a.m. | 18 views

CVE-2026-24315

SAP Fiori Launchpad allows attackers to craft malicious URLs that trigger arbitrary service calls on the Fiori domain. When opened by the user, this could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

CVSS 4.2 | EPSS 0.00174
Exploits: 0 | References: 2

CVE
added 2026/06/09 12:20 a.m. | 114 views

CVE-2026-27671

Technical details about CVE-2026-27671 are not publicly available in the provided documents. Monitor for updates from SAP/security advisories.

CVSS 9.8 | AI score 5.5 | EPSS 0.00437
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/09 12:19 a.m. | 6 views

CVE-2026-24315

SAP Fiori Launchpad allows attackers to craft malicious URLs that trigger arbitrary service calls on the Fiori domain. When opened by the user, this could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

CVSS 4.2 | AI score 5.6 | EPSS 0.00174
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/06/09 12:19 a.m. | 11 views

EUVD-2026-35277

SAP Fiori Launchpad allows attackers to craft malicious URLs that trigger arbitrary service calls on the Fiori domain. When opened by the user, this could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

CVSS 4.2 | AI score 5.6 | EPSS 0.00174
Exploits: 0 | References: 2

Cvelist
added 2026/06/09 12:19 a.m. | 36 views

CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad)

SAP Fiori Launchpad allows attackers to craft malicious URLs that trigger arbitrary service calls on the Fiori domain. When opened by the user, this could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

CVSS 4.2 | EPSS 0.00174
Exploits: 0 | References: 2

Spring Security Advisories
added 2026/06/09 12:0 a.m. | 6 views

CVE-2026-41714: In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager`

Applications that configure their broker connection via `RabbitConnectionFactoryBean.setUri("amqps://...")` without also calling `setUseSSL(true)` get TLS encryption with no certificate validation and no hostname verification...

CVSS 4 | AI score 5.8 | EPSS 0.00132
Exploits: 0 | References: 1 | Affected Software: 1