Lucene search

61341 matches found

AlpineLinux
added 2026/06/10 1:5 p.m., 8 views

CVE-2026-53438

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...

4.3 CVSS | 5.5 AI score | 0.00213 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2026/06/10 12:31 p.m., 9 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8 CVSS | 5.7 AI score | 0.02501 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2026/06/10 2:25 a.m., 8 views

SUSE CVE-2026-46327

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md. The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the device may be suspended just...

7.8 CVSS | 5.4 AI score | 0.0012 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/06/10 12:31 a.m., 12 views

EUVD-2026-35879

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary user_id because the get_items_permissions_check meth...

5.3 CVSS | 5.6 AI score | 0.00193 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/06/10 12:31 a.m., 11 views

EUVD-2026-35909

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...

8.1 CVSS | 5.5 AI score | 0.00347 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/06/10 12:0 a.m., 15 views

OpenVM Input Validation Error Vulnerability

OpenVM is an open-source, high-performance, and modularized zkVM framework designed for customization and scalability. Prior to OpenVM 1.6.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the try_honest_pairing_check function in the openvm-pairing...

8.7 CVSS | 5.3 AI score | 0.00226 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/06/10 12:0 a.m., 10 views

Roxy-WI Security Vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the PUT /smon/check endpoint, which only verifies that the caller belongs to a certain group...

9.1 CVSS | 5.3 AI score | 0.00196 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/06/10 12:0 a.m., 13 views

Jenkins Input Validation Error Vulnerability

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Versions of Jenkins prior to 2.567, as well as LTS versions prior to 2.555.2, contain a vulnerabilit...

4.3 CVSS | 5.4 AI score | 0.00282 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/06/10 12:0 a.m., 10 views

Erlang/OTP Security Vulnerability

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by the built-in APIs of node.js. Erlang/OTP has security vulnerabilities in versions prior to 11.7.2, as well as versions 11.6.0.2 and 11.2.12.9. The vulnerability stems from the...

7.5 CVSS | 5.3 AI score | 0.00194 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/10 12:0 a.m., 13 views

PT-2026-48494

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that...

5.7 CVSS | 5.5 AI score | 0.00247 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/10 12:0 a.m., 14 views

PT-2026-48536

Name of the Vulnerable Software and Affected Versions: OpenVM versions prior to 1.6.0. Description: The try_honest_pairing_check function in the openvm-pairing guest library fails to verify that the scaling factor s is within a proper subfield of Fp12. This omission can lead to incorrect results...

8.7 CVSS | 5.2 AI score | 0.00226 EPSS
Exploits: 0 | References: 5

Packet Storm News
added 2026/06/10 12:0 a.m., 6 views

Android Wireless ADB Wireless Port Checker Flipper Zero GUI Application

This program is a Flipper Zero application that checks whether the Android Debug Bridge (ADB) wireless debugging port 5555 is open on a specified IP address. It integrates with the Flipper GUI system to display results directly on the device screen...

5.5 AI score
Exploits: 0

Positive Technologies
added 2026/06/10 12:0 a.m., 12 views

PT-2026-48467

Name of the Vulnerable Software and Affected Versions: Erlang/OTP versions 26.0 through 29.0.1; Erlang/OTP version 28.5.0.1 and earlier; Erlang/OTP version 27.3.4.12 and earlier; ssl versions 11.0 through 11.7.1; ssl version 11.6.0.1 and earlier; ssl version 11.2.12.8 and earlier. Description: An issue i...

7.5 CVSS | 6 AI score | 0.00194 EPSS
Exploits: 0 | References: 11

Spring Security Advisories
added 2026/06/10 12:0 a.m., 7 views

CVE-2026-40992: Mail Auto-Configuration Does Not Enable SSL Hostname Verification

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected...

5 CVSS | 5.8 AI score | 0.00123 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/06/10 12:0 a.m., 11 views

PT-2026-48571

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-50; ImageMagick versions prior to 7.1.2-25. Description: A heap-use-after-free occurs when an allocation fails in the CheckPrimitiveExtent function, which can lead to a system crash. Heap-use-after-free is a...

7.5 CVSS | 5.4 AI score | 0.00353 EPSS
Exploits: 0 | References: 51

Positive Technologies
added 2026/06/10 12:0 a.m., 11 views

PT-2026-48565

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-48; ImageMagick versions prior to 7.1.2-24. Description: A missing check of a return value in the MAT decoder on 32-bit systems can lead to a heap buffer over-write. A heap buffer over-write occurs when a...

7.5 CVSS | 5.7 AI score | 0.00441 EPSS
Exploits: 0 | References: 81

Positive Technologies
added 2026/06/10 12:0 a.m., 28 views

PT-2026-48532

Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WP Backup & Migration Plugin versions prior to 1.26.5. Description: An authentication bypass exists in the UpdraftPlus_Remote_Communications_V2::wp_loaded function due to insufficient validation of the remote communications message...

8.1 CVSS | 6.5 AI score | 0.03578 EPSS
Exploits: 3 | References: 18

Positive Technologies
added 2026/06/10 12:0 a.m., 10 views

PT-2026-48423

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.568; Jenkins LTS versions prior to 2.555.3. Description: A missing permission check allows attackers who possess the Item/Cancel permission, but lack the Item/Read permission, to cancel queue items that they are not...

4.3 CVSS | 5.2 AI score | 0.00213 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/10 12:0 a.m., 14 views

PT-2026-48476

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control. Summary: HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...

8.5 CVSS | 5.4 AI score | 0.00039 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/06/10 12:0 a.m., 5 views

RHEL 9 : kernel (RHSA-2026:25028)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25028 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: openvswitch: Avoid...

8.2 CVSS | 5.6 AI score | 0.00463 EPSS
Exploits: 0 | References: 7