
25 matches found

Positive Technologies
added 2026/05/12 12:0 a.m. · 23 views

PT-2026-40439

Name of the Vulnerable Software and Affected Versions: DNS Cluster, affected versions not specified. Description: SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...

CVSS 8.2 · AI score 5.8 · EPSS 0.00252
Exploits 0 · References 8
CNNVD
added 2026/05/11 12:0 a.m. · 13 views

Apple Multiple Products Security Vulnerability

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

CVSS 8.8 · AI score 7.1 · EPSS 0.00597
Exploits 0 · References 2
Tenable Nessus
added 2026/04/28 12:0 a.m. · 6 views

Juniper Junos OS Vulnerability (JSA100092)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100092 advisory. - A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, lo...

CVSS 6.8 · AI score 5.5 · EPSS 0.00113
Exploits 0 · References 2
CNNVD
added 2026/04/09 12:0 a.m. · 8 views

Juniper Networks Junos OS SRX Code Issue Vulnerability

Juniper Networks Junos OS SRX is a network operating system specifically designed for hardware devices used by Juniper Networks. This operating system provides secure programming interfaces and the Junos SDK. There are code vulnerabilities in Juniper Networks Junos OS SRX, which stem from imprope...

CVSS 8.7 · AI score 5.9 · EPSS 0.00331
Exploits 0 · References 1
OSV
added 2026/04/01 9:58 a.m. · 6 views

CLEANSTART-2026-JO01099 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-24051, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.3.3-r0

Multiple security vulnerabilities affect the argo-cd package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.9 · AI score 7.1 · EPSS 0.04518
Exploits 3 · References 41
PostgreSQL
added 2026/02/12 12:0 a.m. · 24 views

Vulnerability in core server (CVE-2026-2003)

PostgreSQL oidvector discloses a few bytes of memory. Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they...

CVSS 4.3 · AI score 5.8 · EPSS 0.00281
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2026/02/02 11:48 p.m. · 6 views

CVE-2025-61639

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...

CVSS 6.3 · AI score 5.4 · EPSS 0.0022
Exploits 0 · References 2
CVE
added 2025/12/19 11:0 a.m. · 666 views

CVE-2025-14847

MongoDB vulnerability CVE-2025-14847 (MongoBleed) arises from mismatched length fields in zlib decompression headers, allowing unauthenticated read of uninitialized heap memory. Affected versions include MongoDB Server 3.6.x and 4.x lines (various latest vulnerable builds), 5.0.x, 6.0.x, 7.0.x, 8...

CVSS 8.7 · AI score 6.5 · EPSS 0.83007
In wild · Exploits 39 · References 6 · Affected Software 1
Positive Technologies
added 2025/11/27 12:0 a.m. · 8 views

PT-2025-48275

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channel id/common teams endpoint...

CVSS 4.3 · AI score 6.7 · EPSS 0.00187
Exploits 0 · References 2
IBM Security Bulletins
added 2025/11/19 1:46 p.m. · 8 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-5889)

Summary: IBM Security SOAR uses an older version of brace-expansion that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to version 51.0.7.1 or later. Vulnerability Details: CVEID: CVE-2025-5889...

CVSS 3.1 · AI score 5.6 · EPSS 0.00459
Exploits 0 · Affected Software 1
Tenable Nessus
added 2025/08/14 12:0 a.m. · 4 views

GitLab 11.6 < 18.0.6 / 18.1 < 18.1.4 / 18.2 < 18.2.2 (CVE-2025-2614)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial ...

CVSS 6.5 · AI score 5.5 · EPSS 0.00337
Exploits 0 · References 4
PostgreSQL
added 2025/08/14 12:0 a.m. · 76 views

Vulnerability in core server (CVE-2025-8715)

PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account...

CVSS 8.8 · AI score 7 · EPSS 0.00385
Exploits 0 · References 1 · Affected Software 1
OSV
added 2025/08/13 1:15 p.m. · 7 views

CVE-2025-48989

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 3
Amazon
added 2024/10/31 12:0 a.m. · 6 views

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12...

CVSS 4.8 · AI score 5.7 · EPSS 0.01157
Exploits 0
OSV
added 2024/08/09 11:8 a.m. · 15 views

OESA-2024-1951 openjdk-17 security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0....

CVSS 7.4 · AI score 6.3 · EPSS 0.01257
Exploits 0 · References 6
CNNVD
added 2024/04/09 12:0 a.m. · 4 views

Microsoft Windows Secure Boot Security Vulnerability

Microsoft Windows Secure Boot is a secure boot from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Secure Boot. An attacker exploiting this vulnerability could bypass certain features. The following products and versions are affected: Windows 11 version 21H2 for...

CVSS 7.8 · AI score 8.5 · EPSS 0.00655
Exploits 0 · References 3
RedHat Linux
added 2023/04/19 7:27 p.m. · 5 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

CVSS 3.7 · AI score 6.9 · EPSS 0.01036
Exploits 0 · References 4
Positive Technologies
added 2022/09/16 12:0 a.m. · 7 views

PT-2022-23047 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.0 through 2.9.1 TensorFlow versions 2.8.0 through 2.8.1 TensorFlow versions 2.7.0 through 2.7.2 Description: The AvgPoolOp function in TensorFlow takes an argument ksize that must be...

CVSS 7.5 · AI score 7.4 · EPSS 0.00562
Exploits 0 · References 9
Positive Technologies
added 2022/09/14 12:0 a.m. · 25 views

PT-2022-6448 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.8, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to an improper neutralization of input...

CVSS 7.6 · AI score 5.4 · EPSS 0.00514
Exploits 0 · References 6
CNNVD
added 2022/06/16 12:0 a.m. · 4 views

Hillrom Welch Allyn ELI Access Control Error Vulnerability

The Hillrom Welch Allyn ELI is a series of resting electrocardiographs from Hillrom, Inc. An Access Control Error vulnerability exists in Hillrom Welch Allyn ELI that stems from not restricting or incorrectly restricting access to resources by unauthorized actors. The following products and...

CVSS 7.7 · AI score 5.4 · EPSS 0.00274
Exploits 0 · References 4