Lucene search
K

6098 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Zabbix

The Zabbix server can execute commands for configured scripts. After the command is executed, an audit entry is added to the “Audit Log”. Since the “clientip” field is not sanitized, it is possible to inject SQL code into the “clientip” field and exploit time-based blind SQL injections...

9.1CVSS7.4AI score0.76618EPSS
Exploits5References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Added missing syscalls to the read class. The “at” variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rule...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 4:31 a.m.10 views

EUVD-2026-37837

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.3AI score0.00245EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/17 1:40 p.m.12 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.0.15

Logging for Red Hat OpenShift - 6.0.15 Red Hat OpenShift Logging 6.0.15 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

8.8CVSS7.1AI score0.00728EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50555

Name of the Vulnerable Software and Affected Versions Steeltoe.Discovery.Eureka versions prior to 3.4.0 Steeltoe.Discovery.Eureka versions prior to 4.2.0 Description The DataCenterInfo.FromJson function throws an ArgumentException when it encounters any name value other than "MyOwn" or "Amazon"...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References10
OSV
OSV
added 2026/06/16 12:37 p.m.6 views

BIT-DISCOURSE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/16 7:39 a.m.71 views

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...

8.5CVSS5.8AI score0.01261EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/06/14 7:26 p.m.92 views

VulnPilot

VulnPilot VulnPilot is an automation framework for vulnerabil...

5.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.15 views

openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. -...

10CVSS6.8AI score0.00998EPSS
Exploits1References36
NVD
NVD
added 2026/06/12 9:16 p.m.15 views

CVE-2026-44779

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:22 p.m.11 views

EUVD-2026-36583

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:22 p.m.35 views

CVE-2026-44779

CVE-2026-44779 affects Discourse. From versions 2026.1.0-latest up to before 2026.1.4, 2026.3.0-latest up to before 2026.3.1, and 2026.4.0-latest up to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. The issue has been patched in 2026.1.4, 2026.3.1, 2026.4.1, and 202...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:22 p.m.32 views

CVE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:22 p.m.26 views

CVE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 3:4 p.m.8 views

GHSA-6JQ6-X4CX-QVCM Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)

Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...

5.1CVSS5.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/12 3:4 p.m.14 views

Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)

Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...

5.5AI score
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.13 views

SUSE CVE-2026-11792

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS5.7AI score0.00258EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/12 12:0 a.m.8 views

HTTP/2 Exposure Auditor

The script safely evaluates HTTP/2 exposure by negotiating ALPN, initiating a minimal HTTP/2 session, collecting server SETTINGS frames, and identifying potentially permissive protocol configurations. It avoids stream amplification, flooding behavior, connection fan-out, and sustained resource...

5.3AI score
Exploits0
Amazon
Amazon
added 2026/06/12 12:0 a.m.10 views

Medium: mariadb114

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS6.7AI score0.00303EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48977

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description Bot debug endpoints disclose whisper translation audit logs. Recommendation...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References5
Rows per page
Query Builder