Lucene search
+L

872 matches found

ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.8 views

PT-2026-56171

Name of the Vulnerable Software and Affected Versions sssd affected versions not specified rhcos affected versions not specified Description A flaw exists in the SSSD LDAP sudo provider due to insecure default configuration and improper scoping of LDAP searches. When the ldap sudo search base...

8.8CVSS6.1AI score0.00348EPSS
Exploits0References16
osv
osv
added 2026/07/06 8:5 a.m.4 views

CVE-2026-46726 Apache Camel Vertx Websocket: The inbound consumer maps externally-supplied WebSocket query and path parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

7.5CVSS6.1AI score0.00536EPSS
Exploits1References5
cve
cve
added 2026/07/06 8:2 a.m.14 views

CVE-2026-46584

CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...

3.7CVSS6AI score0.00378EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-494 Excessive Attack Surface in pyload-ng

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

9.8CVSS5.8AI score0.0072EPSS
Exploits1References6
cvelist
cvelist
added 2026/06/27 1:43 a.m.39 views

CVE-2025-59868 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure

HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...

5.5CVSS0.00108EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 10:21 p.m.11 views

EUVD-2026-38060

js-toml vulnerable to CPU exhaustion via On^2 BigInt construction on radix-prefixed integer literals...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References4
osv
osv
added 2026/06/26 7:1 p.m.8 views

MAL-2026-6535 Malicious code in disksweep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a2c10aba7f3468458529214868e2d8acd9717eb7985c47ab10cf4aed64f87c The package ships a 2.9 MB Windows PE32+ executable at bin/native/parser.node sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3...

5.8AI score
Exploits0References2
osv
osv
added 2026/06/24 4:29 p.m.2 views

CVE-2026-53003 pppoe: drop PFC frames

In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50594

Name of the Vulnerable Software and Affected Versions Claude Code versions 0.2.54 through 2.1.162 Description The WebFetch tool pre-approved the hostname 'huggingface.co' as a bare hostname, allowing any path on that domain to be auto-approved without a permission prompt or restrictions from...

6CVSS5.9AI score0.00403EPSS
Exploits0References4
hackread
hackread
added 2026/06/11 2:0 p.m.15 views

Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management

Torrance, United States / California, 11th June 2026, CyberNewswire...

5.4AI score
Exploits0
packetstormnews
packetstormnews
added 2026/06/11 12:0 a.m.10 views

Joern 4.0.556

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.3AI score
Exploits0
redhatcve
redhatcve
added 2026/06/10 11:45 a.m.14 views

CVE-2026-47774

A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service...

7.5CVSS5.7AI score0.00815EPSS
Exploits1References3
ossf
ossf
added 2026/06/09 5:29 p.m.19 views

Malicious code in ui-ng-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198750c8e5d6f4d8a3f3f788a2fd9286f43b5a447bb0e3495b50663c44ddd2a7 Package [email protected] is an empty shell index.js exports , no author, no description, no functionality with a single dependency declared as...

5.9AI score
Exploits0References2
snyk
snyk
added 2026/06/09 12:0 a.m.12 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00262EPSS
Exploits0References2
osv
osv
added 2026/06/08 11:2 p.m.10 views

GHSA-5XRH-QMMQ-W6CH Netty: SCTP reassembly nests buffers without bound

For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...

7.5CVSS5.7AI score0.0038EPSS
Exploits0References5
githubexploit
githubexploit
added 2026/06/07 4:26 a.m.117 views

defi-exploit-pipeline

DeFi Exploit Pipeline Pipeline otomatis untuk menganalisis sm...

5.5AI score
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:38 p.m.9 views

CVE-2026-34277

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

6.6CVSS7.3AI score0.00218EPSS
Exploits0References1
susecve
susecve
added 2026/05/30 2:6 a.m.17 views

SUSE CVE-2026-42534

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

5.9CVSS5.7AI score0.00519EPSS
Exploits0References12
packetstormnews
packetstormnews
added 2026/05/29 12:0 a.m.17 views

Joern 4.0.551

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
githubexploit
githubexploit
added 2026/05/27 10:59 a.m.124 views

Hunting-Bugs

2026 Practical Bug Bounty Guide Built on real-world experie...

5.8AI score
Exploits0
Rows per page
Query Builder