Lucene search
K

61341 matches found

OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2641 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

7.5CVSS5.3AI score0.00353EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 11:54 a.m.8 views

EUVD-2026-36416

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS5.2AI score0.00235EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 11:7 a.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to a race condition in the AbstractOAuthDataProvider method when handling refresh tokens if the recycleRefreshTokens...

9.1CVSS5.4AI score0.00294EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 8:56 a.m.5 views

CVE-2026-50628 Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

5.2AI score0.00629EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:56 a.m.34 views

CVE-2026-50628

CVE-2026-50628 concerns Apache CXF’s OAuthRequestFilter, where a logic error creates an inverted IP binding check: legitimate requests from the bound IP are rejected while requests from other IPs are allowed. Red Hat’s advisory attributes this to the OAuthRequestFilter component of CXF and notes ...

9.8CVSS5.3AI score0.00629EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 8:52 a.m.11 views

CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

5.3AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 8:43 a.m.5 views

BIT-JENKINS-2026-53438

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 8:43 a.m.5 views

BIT-JENKINS-2026-53436

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...

4.3CVSS5.3AI score0.00282EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/12 8:39 a.m.7 views

CVE-2026-46557

A flaw was found in ImageMagick. A local attacker could exploit a missing depth check in the fx operation by providing a specially crafted argument. This could lead to a stack overflow, resulting in a denial of service DoS for the application...

6.2CVSS5.1AI score0.0012EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.5 views

SUSE CVE-2026-46557

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23...

6.2CVSS5.3AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.7 views

SUSE CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.4AI score0.00194EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.50 views

📄 Check Point VPN IKE Logic Flaw

This is a Python script attempting to exploit a vulnerability in Check Point VPN by sending a malformed IKESAINIT packet to UDP port 500, detecting whether the target responds as an indicator of exploitability, then executing a MITM attack to intercept IKE packets between a victim and a VPN...

9.3CVSS5.7AI score0.71051EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48999

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An issue in the non-REST event editing path allows an authenticated user with event edit permissions to manipulate submitted form data. By tampering with the event edit request, a user can set t...

6.1CVSS5.2AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48896

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

8.8CVSS5AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-49006

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.30.1 Description A prototype pollution issue exists in the apos.util.set function, which traverses dot-notation paths without sanitizing the proto property. This allows an authenticated editor to write arbitra...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.9 views

PT-2026-49068

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.7 Description An authenticated user can create a public share for an arbitrary path that does not yet exist. The system stores the share record without verifying the file's existence. Consequently, if a file...

8.4CVSS6AI score0.00175EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-49065

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description Lack of maximum length validation for passwords allows an arbitrarily large string to be passed into the login API. When a large password is submitted, the CheckPwd function in users/password.g...

6.5CVSS5.8AI score0.00484EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.8 views

EulerOS Virtualization 2.13.0 : util-linux (EulerOS-SA-2026-2420)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerabilit...

5.3CVSS5.5AI score0.00436EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

EulerOS Virtualization 2.13.0 : libcap (EulerOS-SA-2026-2402)

According to the versions of the libcap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the...

7CVSS5.5AI score0.00188EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/11 9:13 p.m.5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the exec process. An attacker can execute unauthorized commands by bypassing intended allowlist validation using combined shell options...

8.8CVSS6AI score0.00419EPSS
Exploits0References2
Rows per page
Query Builder