Lucene search
+L

379 matches found

OSV
OSV
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2691 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.19 views

PT-2026-53084

Name of the Vulnerable Software and Affected Versions 7-Zip for Windows versions prior to 26.02 Description 7-Zip fails to preserve the Mark-of-the-Web MotW when extracting a specially crafted RAR5 archive. The software uses a guard to suppress archive-supplied Zone.Identifier streams, but it onl...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References11
OSV
OSV
added 2026/06/19 9:42 p.m.7 views

GHSA-MWR2-WMGP-CRJ6 OpenBao's System Backend allows Unauthorized Management of the containing Namespace

Summary A user that is granted namespace management /sys/namespaces capabilities within a non-root namespace "the victim namespace" can abuse special handling of the literal path "root" in namespace path canonicalization to manage the victim namespace itself. Details Several endpoints under...

2.3CVSS6AI score
Exploits0References4
NVD
NVD
added 2026/06/19 9:17 p.m.13 views

CVE-2026-48794

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS0.00283EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:23 p.m.13 views

CVE-2026-48794

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/19 7:18 p.m.12 views

GHSA-R46F-3RPW-HXRV Hugo: security.http.urls deny rules bypassed by alternate IPv4 encodings (SSRF)

Impact The default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals e.g. http://127.0.0.1/, http://169.254.169.254/. The deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses — integer, hex, or octal, whi...

7.7CVSS5.9AI score0.00208EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:52 p.m.8 views

CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS5.3AI score0.00135EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.26 views

PT-2026-50796

Name of the Vulnerable Software and Affected Versions Relyra versions 1.0.0 through 1.1.0 Description Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

EulerOS Virtualization 2.13.1 : util-linux (EulerOS-SA-2026-2391)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerabilit...

5.3CVSS5.4AI score0.00436EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/11 5:3 a.m.32 views

CVE-2026-40987 Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...

7.1CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:3 a.m.37 views

CVE-2026-40987

CVE-2026-40987 affects Spring Integration across multiple tracked branches (7.0.0–7.0.4, 6.5.0–6.5.8, 6.4.0–6.4.11, 6.3.0–6.3.14, 5.5.0–5.5.20). The connected documents describe a vulnerability where a malicious or compromised FTP/SFTP/SMB server can cause the client to write arbitrary files anyw...

7.1CVSS5.6AI score0.0021EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.12 views

cve-2026-40987 - HIGH - Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

cve-2026-40987 - HIGH - Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization...

7.1CVSS6.1AI score0.0021EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.12 views

EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-2317)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerability has been...

5.3CVSS5.5AI score0.00436EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2268)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2231)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.15 views

EulerOS Virtualization 2.12.1 : util-linux (EulerOS-SA-2026-2090)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability exists in util-linux package that allows access control bypass due to improper hostname...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2026-2065)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.12.0 : util-linux (EulerOS-SA-2026-2115)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability exists in util-linux package that allows access control bypass due to improper hostname...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.22 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PHP vulnerabilities (USN-8336-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8336-1 advisory. Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the...

9.8CVSS6.2AI score0.0078EPSS
Exploits1References10
OSV
OSV
added 2026/06/01 1:18 p.m.5 views

OPENSUSE-SU-2026:20864-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - CVE-2026-2604: Canonicalize path before local cache file removal. bsc1258307...

5.6CVSS5.8AI score0.00189EPSS
Exploits0References2
Rows per page
Query Builder