Lucene search
K

1491 matches found

OSV
OSV
added 2026/07/01 12:0 a.m.3 views

ALSA-2026:34355 Moderate: mod_http2 security, bug fix, and enhancement update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modhttp2: Apache HTTP Server modhttp2: Use After Free vulnerability allows arbitrary code execution or denial of service. CVE-2026-48913 httpd: Apache HTTP Server:...

7.3CVSS6.4AI score0.00525EPSS
Exploits0References6
OSV
OSV
added 2026/07/01 12:0 a.m.2 views

ALSA-2026:34359 Important: opentelemetry-collector security update

Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus: Prometheus: Information...

9.6CVSS7.5AI score0.00904EPSS
Exploits0References14
Circl
Circl
added 2026/06/28 9:0 p.m.8 views

CVE-2026-8383

creationtimestamp| type| source ---|---|--- 2026-06-28 21:00:03+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-8383.yaml 2026-06-29 00:00:03+00:00| confirmed|...

5.3CVSS5.8AI score0.00424EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

Oracle Linux 9 : openssl (ELSA-2026-25239)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25239 advisory. - Fix CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768,...

9.1CVSS7.2AI score0.02719EPSS
Exploits0References16
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...

7CVSS6.6AI score0.00351EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 12:1 a.m.5 views

RLSA-2026:26709 Important: xorg-x11-server security, bug fix, and enhancement update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution du...

7.8CVSS5.7AI score0.00165EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.6 views

Oracle Linux 8 : webkit2gtk3 (ELSA-2026-25918)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25918 advisory. 2.52.4-1 - Update to 2.52.4 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...

8.8CVSS6.8AI score0.00693EPSS
Exploits0References17
NVD
NVD
added 2026/06/12 4:16 p.m.11 views

CVE-2026-50083

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.25 views

PT-2026-48909

Name of the Vulnerable Software and Affected Versions Aqara Board service affected versions not specified Description The Aqara Board service at the endpoint "op-test.aqara.com" accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This...

8.6CVSS5.4AI score0.00278EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48907

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS5.4AI score0.00246EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.18 views

Fedora 44 : openssl (2026-228373a496)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-228373a496 advisory. Rebase to OpenSSL 3.5.7 Fixes CVE-2026-45447 Fixes CVE-2026-34182 Fixes CVE-2026-34183 Fixes CVE-2026-42764 Fixes CVE-2026-45445 Fixes CVE-2026-7383...

9.1CVSS5.4AI score0.02719EPSS
Exploits0References16
OSV
OSV
added 2026/06/11 12:3 p.m.14 views

RLSA-2026:22714 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...

9.1CVSS6.8AI score0.01945EPSS
Exploits3References11
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/11 12:0 a.m.10 views

Security update for java-17-openj9 (important)

openSUSE Security Update: Security update for java-17-openj9 Announcement ID: openSUSE-SU-2025:0067-1 Rating: important References: 1204468 1204471 1204472 1204473 1204475 1204480 1204703 1206549 1207246 1207248 1207922 1210628 1210631 1210632 1210634 1210635 1210636 1210637 1211615 1213470 12134...

7.5CVSS6.6AI score0.02474EPSS
Exploits1References50
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Fedora 44 : chromium (2026-15e444c3bb)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-15e444c3bb advisory. Update to 149.0.7827.53 fix 429 CVEs CVE-2026-10881 through CVE-2026-11309 Tenable has extracted the preceding description block directly from the...

9.6CVSS5.9AI score0.0039EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.14 views

Fedora 44 : rust (2026-e251935c8f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e251935c8f advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

6.5CVSS5.6AI score0.00328EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.16 views

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-2022)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : bpf, cpumap: Make sure kthread is running before map update returnsCVE-2023-53577 macvlan: fix error recovery in...

7.8CVSS6AI score0.00468EPSS
Exploits0References32
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46955

Six live production platforms were compromised during responsible disclosure testing. LiteLLM CVE-2026-30623, Critical, patched, Windsurf CVE-2026-30615, Critical, reported, Bisheng CVE-2026-33224, Critical, patched, and DocsGPT CVE-2026-26015, Critical, patched…...

10CVSS5.7AI score0.01168EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

AlmaLinux 10 : ruby4.0 (ALSA-2026:20606)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20606 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...

9.1CVSS6.8AI score0.01131EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.19 views

Debian dsa-6316 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6316 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6316-1 [email protected]...

9.6CVSS6.1AI score0.00412EPSS
Exploits0References305
vulnersOsv
vulnersOsv
added 2026/05/31 9:0 p.m.6 views

@redhat-cloud-services/access-requests-frontend (>=1.2.0 <=1.2.11), @redhat-cloud-services/frontend-components (>=0.0.1 <=7.7.1) +20 more potentially affected by unknown CVE via @redhat-cloud-services/types (=3.6.0)

@redhat-cloud-services/types NPM version =3.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/types and may be impacted: - @redhat-cloud-services/access-requests-frontend =1.2.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1,...

5.5AI score
Exploits0
Rows per page
Query Builder