Lucene search
K

35 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 3:36 p.m.6 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed

Summary Vulnerabilities have been identified in HTML / XSS Injection, which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2025-33128 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to cross-site scripting. This...

5.4CVSS4.8AI score0.00139EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 5:55 p.m.9 views

CVE-2026-40181 React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS5.8AI score0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:59 p.m.15 views

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/01 4:16 a.m.18 views

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS0.00333EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 2:42 p.m.6 views

BIT-JAVA-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

4.3CVSS6.8AI score0.04202EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-37893

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

5.8CVSS6.8AI score0.02984EPSS
Exploits0References28
Vulnrichment
Vulnrichment
added 2026/04/20 4:8 p.m.3 views

CVE-2026-24504

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this...

7.2CVSS6.1AI score0.00441EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15847

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

5.9AI score0.00283EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/13 8:41 p.m.6 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +398 more potentially affected by CVE-2026-1526 via undici (>=7.0.0 <=7.22.0)

undici NPM version =7.0.0, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.1, =0.0.2, =0.1.0, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =0.5.0, =1.0.1, =2.8.7 and more Source cves: CVE-2026-1526 Source advisory: OSV:GHSA-VRM6-8VPV-QV8Q...

7.5CVSS7AI score0.0115EPSS
Exploits0
OSV
OSV
added 2026/02/06 10:34 p.m.3 views

GHSA-4JQP-9QJV-57M2 Keylime Missing Authentication for Critical Function and Improper Authentication

Impact The Keylime registrar does not enforce mutual TLS mTLS client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERTOPTIONAL instead of ssl.CERTREQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...

9.4CVSS5.6AI score0.05431EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6781

Name of the Vulnerable Software and Affected Versions Keylime versions 7.12.0 and later Description A flaw exists in Keylime where the registrar does not enforce client-side Transport Layer Security TLS authentication. This allows unauthenticated clients with network access to perform...

9.8CVSS5.4AI score0.05431EPSS
Exploits0References44
RedhatCVE
RedhatCVE
added 2026/01/21 10:24 p.m.6 views

CVE-2026-21982

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware wher...

7.5CVSS5.3AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 10:16 p.m.7 views

CVE-2026-21988

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

8.2CVSS0.00196EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/20 10:16 p.m.7 views

CVE-2026-21988

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

8.2CVSS7AI score0.00196EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 10:15 p.m.24 views

CVE-2026-21963

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

6CVSS0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 9:38 p.m.4 views

CVE-2025-58744 Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture

Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from...

6.9CVSS5.3AI score0.0013EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-62587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily...

8.2CVSS7.1AI score0.00184EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.7 views

PT-2025-44237

Name of the Vulnerable Software and Affected Versions WooCommerce versions prior to 7.8.3 Description The WooCommerce plugin for WordPress exhibits a sensitive information exposure issue due to improper CORS Cross-Origin Resource Sharing handling on the Store API’s REST endpoints. This allows...

5.3CVSS6.4AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.11 views

PT-2025-43827

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.0...

8.8CVSS7AI score0.00217EPSS
Exploits0References2
Rows per page
Query Builder