Lucene search
K

485 matches found

CVE
CVE
added 6 days ago11 views

CVE-2026-54475

Summary of CVE-2026-54475 : A missing authorization check allows unauthorized connections to access temporary destinations in Apache ActiveMQ components. Affected versions include Apache ActiveMQ Broker prior to 5.19.8 and 6.0.0–6.2.6, Apache ActiveMQ All prior to 5.19.8 and 6.0.0–6.2.6, and Apac...

7.5CVSS5.7AI score0.00589EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:31 p.m.5 views

CVE-2026-48044

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 5:31 p.m.15 views

CVE-2026-48044

Summary: CVE-2026-48044 affects Envoy’s zstd decompressor (ZstdDecompressorImpl). From 1.23.0 through 1.35.11, 1.36.7, 1.37.3, and 1.38.1, specially crafted, highly compressed zstd payloads can trigger massive memory allocation when decompression is enabled, potentially causing memory exhaustion ...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References1Affected Software1
F5 Networks
F5 Networks
added 2026/06/26 3:3 a.m.12 views

K000161919: BIND vulnerability CVE-2026-5947

Security Advisory Description Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as...

7.5CVSS5.8AI score0.01387EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/18 4:21 p.m.5 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.8AI score0.00208EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Lodash vulnerabilities (USN-8411-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8411-1 advisory. It was discovered that Lodash was vulnerable to a prototype pollution issue in the...

9.8CVSS7.4AI score0.2241EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.5 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0605)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0605 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13...

5.7CVSS5.4AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6489

A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...

6.5CVSS6AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

7.5CVSS5.4AI score0.00471EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 2:30 p.m.12 views

EUVD-2026-34842

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS5.2AI score0.00232EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/04 3:20 p.m.11 views

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References6
CVE
CVE
added 2026/06/03 1:16 p.m.36 views

CVE-2026-8404

Django 5.2 before 5.2.15 and 6.0 before 6.0.6 contains a vulnerability in django.middleware.cache.UpdateCacheMiddleware where Cache-Control directives are not matched case-insensitively, allowing remote attackers to read cached responses. Older series (5.0.x, 4.1.x, 3.2.x) may also be affected. A...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 3:33 a.m.13 views

CVE-2026-48187 Email with special content can lead to DoS

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

5.7CVSS5.8AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/31 4:45 a.m.14 views

EUVD-2026-33489

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00286EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/22 1:26 p.m.11 views

EUVD-2026-31439

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

4.8CVSS6AI score0.0014EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 1:26 p.m.19 views

CVE-2026-8997

CVE-2026-8997 : vifm is vulnerable to a heap buffer overflow during the history merge when saving the state file (vifminfo.json). The flaw arises from a missing runtime length check on history entries in release builds, allowing a crafted long path or command in history to cause memory corruption...

4.8CVSS6AI score0.0014EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 1:16 p.m.6 views

ALPINE-CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

9.8CVSS5.8AI score0.01844EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 1:9 p.m.38 views

CVE-2026-3593

A use-after-free vulnerability exists in BIND 9’s DNS-over-HTTPS implementation. Affected: BIND 9.20.0–9.20.22, 9.21.0–9.21.21, and 9.20.9-S1–9.20.22-S1. Not affected: 9.18.0–9.18.48 and 9.18.11-S1–9.18.48-S1. Impact: memory corruption with potential denial of service or code execution (per Red H...

9.8CVSS5.8AI score0.01844EPSS
Exploits0References7Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/20 1:9 p.m.11 views

CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3CVSS5.8AI score0.00406EPSS
Exploits0References4
CheckPoint Security
CheckPoint Security
added 2026/05/20 12:0 a.m.53 views

CVE-2026-48131 - VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

Symptoms - The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality. - The...

8.1CVSS5.5AI score0.02658EPSS
Exploits0
Rows per page
Query Builder