Lucene search
K

604 matches found

Fedora
Fedora
added 2026/04/25 1:59 a.m.13 views

[SECURITY] Fedora 44 Update: openssh-10.2p1-8.fc44

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

8.1CVSS5.7AI score0.00419EPSS
Exploits0
Wallarm Lab
Wallarm Lab
added 2026/04/22 12:0 p.m.8 views

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol MCP, the fast-growing standard for connecting AI agents to external services, inherits that gap...

5.9AI score
Exploits0
NVD
NVD
added 2026/04/20 4:16 p.m.5 views

CVE-2026-6066

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/20 3:26 p.m.4 views

CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS5.7AI score0.00082EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 9:31 p.m.4 views

EUVD-2026-23533

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic...

8.1CVSS5.8AI score0.00231EPSS
Exploits0References4
NVD
NVD
added 2026/04/17 8:16 p.m.6 views

CVE-2026-40434

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic...

8.1CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 7:49 p.m.12 views

CVE-2026-40434

CVE-2026-40434 affects Anviz CrossChex Standard and is due to improper verification of the source of a communication channel, enabling an adjacent attacker on the same network to inject TCP packets and modify or disrupt client/server traffic. The documented impact is high (I/H, A/H) with no user ...

8.1CVSS5.8AI score0.00231EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.8 views

PT-2026-33503

Name of the Vulnerable Software and Affected Versions Anviz CrossChex Standard affected versions not specified Description The software lacks source verification in the client/server channel. This allows an attacker on the same network to perform TCP packet injection to alter or disrupt applicati...

8.1CVSS5.8AI score0.00231EPSS
Exploits0References7
Fedora
Fedora
added 2026/03/21 1:11 a.m.8 views

[SECURITY] Fedora 42 Update: openssh-9.9p1-13.fc42

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

8.2CVSS6.9AI score0.0218EPSS
Exploits0
Fedora
Fedora
added 2026/03/20 1:3 a.m.3 views

[SECURITY] Fedora 43 Update: openssh-10.0p1-7.fc43

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

8.2CVSS6.9AI score0.0218EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/27 12:24 a.m.6 views

SUSE CVE-2026-27951

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...

5.9CVSS5.8AI score0.00346EPSS
Exploits1References11
AlpineLinux
AlpineLinux
added 2026/02/25 9:7 p.m.4 views

CVE-2026-27951

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...

7.5CVSS5.9AI score0.00346EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/19 3:25 p.m.8 views

jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

Impact User control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF file...

8.7CVSS5.5AI score0.00717EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.1 : rsync (EulerOS-SA-2026-1145)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destinati...

7.5CVSS5.9AI score0.04575EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/01/23 12:24 a.m.5 views

SUSE CVE-2026-23737

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

7.5CVSS6.1AI score0.00519EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/21 11:9 p.m.17 views

CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

7.5CVSS0.00519EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/21 3:41 p.m.11 views

seroval Affected by Remote Code Execution via JSON Deserialization

Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...

7.5CVSS6AI score0.00519EPSS
Exploits0References4Affected Software1
Fedora
Fedora
added 2026/01/13 1:13 a.m.10 views

[SECURITY] Fedora 42 Update: openssh-9.9p1-12.fc42

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

3.6CVSS7.3AI score0.00211EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.7 views

CVE-2023-4537

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

7.4CVSS7.4AI score0.00611EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.6 views

Siemens OpenSSL 3.0 Buffer Overflow (CVE-2022-3786)

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS8.2AI score0.91153EPSS
Exploits2References7
Rows per page
Query Builder