
545 matches found

EUVD
added 2026/05/29 12:11 p.m., 10 views

EUVD-2026-33283

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...

CVSS 8.7, AI score 5.9, EPSS 0.00137
Exploits 0, References 1

ATTACKERKB
added 2026/05/15 3:04 a.m., 3 views

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

CVSS 9.2, AI score 5.8, EPSS 0.00194
Exploits 0, References 2

Positive Technologies
added 2026/05/15 12:00 a.m., 8 views

PT-2026-41239

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM, potentially resulting in a loss of confidentiality and/or availability...

CVSS 6.8, AI score 5.8, EPSS 0.00017
Exploits 0, References 2

Positive Technologies
added 2026/05/14 12:00 a.m., 9 views

PT-2026-40970

Summary: Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

CVSS 8.7, AI score 5.9, EPSS 0.00115
Exploits 0, References 4

EUVD
added 2026/05/12 3:31 a.m., 7 views

EUVD-2026-29365

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

CVSS 4.3, AI score 5.8, EPSS 0.00014
Exploits 0, References 3

NVD
added 2026/05/12 3:16 a.m., 8 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

CVSS 6.5, EPSS 0.00129
Exploits 0, References 2

CVE
added 2026/05/12 2:21 a.m., 16 views

CVE-2026-40136

Technical details are not publicly available in the provided documents; no affected versions, vectors, or mitigations are specified. Monitor for updates to SAP Financial Consolidation CVE-2026-40136.

CVSS 4.3, AI score 5.8, EPSS 0.00014
Exploits 0, References 2

CVE
added 2026/05/12 2:19 a.m., 11 views

CVE-2026-0502

The CVE-2026-0502 entry concerns SAP BusinessObjects Business Intelligence Platform with a CSRF protection flaw. An authenticated user can be tricked into sending unintended requests to the web server, leading to low impact on integrity and availability and no confidentiality impact. Public detai...

CVSS 5.4, AI score 5.8, EPSS 0.00006
Exploits 0, References 2

ICS
added 2026/05/12 12:00 a.m., 7 views

Siemens Opcenter RDnL

SUMMARY: Opcenter RDnL is affected by missing authentication in critical function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the adjacent network could use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue...

CVSS 9.8, AI score 7.3, EPSS 0.00156
Exploits 1, References 10

Atlassian
added 2026/05/11 11:33 p.m., 17 views

DoS (Denial of Service) at commons-fileupload dependency in Crucible Server

This High severity DoS (Denial of Service) vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker to cause a resource to...

CVSS 7.5, AI score 5.8, EPSS 0.37743
Exploits 1

Tenable Nessus
added 2026/05/11 12:00 a.m., 3 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017523 advisory. A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in t...

CVSS 5.5, AI score 6.5, EPSS 0.00125
Exploits 0, References 4

Tenable Nessus
added 2026/05/11 12:00 a.m., 4 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017577)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017577 advisory. A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior i...

CVSS 4.3, AI score 6.7, EPSS 0.00397
Exploits 1, References 4

Packet Storm News
added 2026/05/11 12:00 a.m., 4 views

GhostLock: SMB Deny-Share Handles As a Zero-Privilege Availability Weapon

GhostLock demonstrates that a low-privileged Windows domain user with standard read access to an SMB share can produce ransomware-equivalent organizational availability impact with zero writes, zero encryption, and zero signals in every behavioral defense the modern enterprise security stack...

AI score 5.8
Exploits 0

RedhatCVE
added 2026/05/06 11:17 p.m., 5 views

CVE-2026-43249

A flaw was found in the Linux kernel's 9p/xen filesystem driver. A race condition can occur when the xenwatch thread and other back-end change notifications concurrently attempt to free the front-end state using the xen_9pfs_front_free function. This can lead to a double-free vulnerability, resultin...

CVSS 8.8, AI score 5.8, EPSS 0.00022
Exploits 0, References 4

Positive Technologies
added 2026/05/06 12:00 a.m., 5 views

PT-2026-38077

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

CVSS 7.5, AI score 7.3, EPSS 0.00066
Exploits 0, References 3

AstraLinux
added 2026/05/20 5:53 a.m., 17 views

Astra Linux - vulnerability in edk2

EDK2’s Network Package is vulnerable to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of availability...

CVSS 7.5, AI score 6.9, EPSS 0.00462
Exploits 1, References 2

Vulnrichment
added 2026/04/28 6:10 p.m., 1 views

CVE-2026-41408 OpenClaw < 2026.3.31 - Disk Exhaustion via Media Download Bypass

OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availabilit...

CVSS 4.3, AI score 5.2, EPSS 0.00051
Exploits 0, References 3

Tenable Nessus
added 2026/04/21 12:00 a.m., 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-013021)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013021 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache the algorithm is quadratic. Availability can b...

CVSS 6.3, AI score 7.3, EPSS 0.00128
Exploits 0, References 3

EUVD
added 2026/04/17 6:31 p.m., 1 views

EUVD-2025-209469

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

CVSS 8.1, AI score 5.8, EPSS 0.00047
Exploits 0, References 2

Cvelist
added 2026/04/14 12:08 a.m., 20 views

CVE-2026-34256 Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...

CVSS 7.1, EPSS 0.00047
Exploits 0, References 2