
38620 matches found

RedHat Linux
added 2026/04/02 10:59 a.m. | 6 views

mysql: mariadb: High Privilege Denial of Service Vulnerability in MySQL Server (CPU Jan 2025)

A flaw was found in the MySQL Server component: InnoDB. This vulnerability allows a high-privileged attacker to cause a denial of service, which causes frequent crashes or hangs, via multiple network protocols...

CVSS 4.9 | AI score 6.7 | EPSS 0.01236
Exploits: 0 | References: 5
RedhatCVE
added 2026/04/02 10:53 a.m. | 3 views

CVE-2026-21631

Lack of output escaping leads to a XSS vector in the multilingual associations component...

CVSS 8.4 | AI score 5.9 | EPSS 0.00216
Exploits: 1 | References: 1
RedhatCVE
added 2026/04/02 10:53 a.m. | 4 views

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVSS 7.3 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 1
SUSE CVE
added 2026/04/02 8:42 a.m. | 4 views

SUSE CVE-2026-5286

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.2 | EPSS 0.00313
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/02 12:0 a.m. | 5 views

PT-2026-29837

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...

CVSS 6.3 | AI score 5.2 | EPSS 0.00427
Exploits: 0 | References: 9
CNNVD
added 2026/04/02 12:0 a.m. | 6 views

free5GC security vulnerability

Free5GC is an open-source project for the 5th generation (5G) mobile core network. Version 4.2.0 of Free5GC contains a security vulnerability, which stems from a type confusion issue in the aper component...

CVSS 6.3 | AI score 5.8 | EPSS 0.00427
Exploits: 0 | References: 8
Positive Technologies
added 2026/04/02 12:0 a.m. | 4 views

PT-2026-29873

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

CVSS 7.5 | AI score 6.6 | EPSS 0.00303
Exploits: 0 | References: 7
CNNVD
added 2026/04/02 12:0 a.m. | 5 views

Apple macOS security vulnerability

Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia suffers from a code execution vulnerability caused by an error in the Model I/O component when opening a specially crafted file. An attacker can exploit the vulnerability to execute...

CVSS 8.8 | AI score 7.8 | EPSS 0.00427
Exploits: 0 | References: 1
Packet Storm News
added 2026/04/02 12:0 a.m. | 4 views

From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers

The Model Context Protocol (MCP) standardizes how LLMs connect to external tools and data sources, enabling faster integration but introducing new attack vectors. Despite the growing adoption of MCP, existing MCP security studies classify attacks by their observable effects, obscuring how attacks...

AI score 5.8
Exploits: 0
CNNVD
added 2026/04/02 12:0 a.m. | 7 views

Appsmith code issue vulnerability

Appsmith is an open-source platform developed by Appsmith for building, deploying, and maintaining internal applications. Versions of Appsmith 1.97 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations in the computeDisallowedHosts function of the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00303
Exploits: 0 | References: 5
CNNVD
added 2026/04/02 12:0 a.m. | 11 views

agno security vulnerability

Agno is an open-source full-stack framework developed by Agno for building multi-agent systems with memory, knowledge, and reasoning capabilities. Versions of Agno prior to 2.3.24 contained a security vulnerability, which was caused by improper handling of the fieldtype parameter in the model...

CVSS 9.8 | AI score 6.3 | EPSS 0.00852
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/01 11:1 p.m. | 5 views

CVE-2025-62184

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

CVSS 4.8 | AI score 5.9 | EPSS 0.00258
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/01 11:0 p.m. | 4 views

CVE-2026-5210

A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used...

CVSS 7.5 | AI score 6.9 | EPSS 0.00292
Exploits: 0 | References: 1
Snyk
added 2026/04/01 10:13 p.m. | 1 view

Improper Verification of Cryptographic Signature

Overview: @stablelib/cbor is a CBOR encoder and decoder. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verify function. An attacker can generate a second distinct valid signature for the same message without access to the private key by...

CVSS 9.1 | AI score 5.9
Exploits: 0 | References: 2
Snyk
added 2026/04/01 9:49 p.m. | 2 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting in the llhttp component. An attacker can manipulate HTTP response headers by injecting null bytes or control characters, causing headers to be interpreted differently by various components, which may lead to...

CVSS 9.1 | AI score 5.9 | EPSS 0.00461
Exploits: 0 | References: 2
NVD
added 2026/04/01 5:28 p.m. | 5 views

CVE-2026-30273

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base.executesqlquery component...

CVSS 7.3 | EPSS 0.00187
Exploits: 0 | References: 2
EUVD
added 2026/04/01 12:31 p.m. | 5 views

EUVD-2026-17853

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVSS 6.3 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 2
Cvelist
added 2026/04/01 11:28 a.m. | 28 views

CVE-2026-25601 Credential Exposure vulnerability in MEPIS RM

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

CVSS 6.4 | EPSS 0.0016
Exploits: 0 | References: 1
NVD
added 2026/04/01 10:16 a.m. | 4 views

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVSS 7.3 | EPSS 0.00249
Exploits: 0 | References: 1
RedHat Linux
added 2026/04/01 9:40 a.m. | 3 views

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Text component...

CVSS 7.5 | AI score 7.1 | EPSS 0.00433
Exploits: 0 | References: 6