Lucene search

38642 matches found

IBM Security Bulletins
added 2026/03/27 8:10 a.m., 10 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4 which is vulnerable to CVE-2026-21860

Summary: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-21860 DESCRIPTION: Werkzeug is a...

CVSS 6.3, AI score 5.8, EPSS 0.00424
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2026/03/27 8:3 a.m., 6 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2 which is vulnerable to CVE-2026-27205

Summary: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-27205 DESCRIPTION: Flask is a web server...

CVSS 4.3, AI score 5.8, EPSS 0.00374
Exploits 0, Affected Software 1

RedhatCVE
added 2026/03/27 4:59 a.m., 7 views

CVE-2026-29934

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser by modifying the referer value in the request header...

CVSS 6.1, AI score 5.8, EPSS 0.00203
Exploits 1, References 1

IBM Security Bulletins
added 2026/03/27 12:50 a.m., 4 views

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in the Golang crypto library used by the Object Agent and OSSM components that could lead to denial-of-service (CVE-2025-47913, CVE-2025-47914, CVE-2025-58181).

Summary: IBM Storage Protect Server uses the Golang crypto library in the Object Agent and OSSM components. Vulnerabilities in this library may allow specially crafted inputs to trigger denial-of-service conditions in applications using the affected components. Vulnerability Details...

CVSS 7.5, AI score 5.8, EPSS 0.00579
Exploits 1, Affected Software 1

Positive Technologies
added 2026/03/27 12:0 a.m., 4 views

PT-2026-28673

Name of the Vulnerable Software and Affected Versions: Shenzhen Ruiming Technology Streamax Crocus versions up to 1.3.44. Description: A security issue exists in Shenzhen Ruiming Technology Streamax Crocus. The issue involves a SQL injection affecting an unknown function within the /RemoteFormat.do...

CVSS 7.5, AI score 5.6, EPSS 0.00259
Exploits 0, References 9

Positive Technologies
added 2026/03/27 12:0 a.m., 7 views

PT-2026-28688

A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by...

CVSS 7.3, AI score 5.2, EPSS 0.00229
Exploits 1, References 5

Positive Technologies
added 2026/03/27 12:0 a.m., 8 views

PT-2026-28695

Name of the Vulnerable Software and Affected Versions: code-projects Social Networking Site version 1.0. Description: A security flaw exists in code-projects Social Networking Site 1.0. The issue affects an unknown function within the delete photos.php file of the Endpoint component. Manipulation of...

CVSS 6.5, AI score 5.7, EPSS 0.00192
Exploits 0, References 9

Amazon
added 2026/03/27 12:0 a.m., 7 views

Important: exiv2

Issue Overview: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in the CRW image parser. This issue has been patched in version 0.28.8...

CVSS 8.1, AI score 6.4, EPSS 0.00367
Exploits 1

EUVD
added 2026/03/26 9:31 p.m., 8 views

EUVD-2026-16301

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...

AI score 6.2, EPSS 0.00735
Exploits 1, References 5

Cvelist
added 2026/03/26 8:34 p.m., 20 views

CVE-2026-3622 Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...

CVSS 7.1, EPSS 0.00355
Exploits 0, References 3

Snyk
added 2026/03/26 8:33 p.m., 7 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation: There is no fixed version for...

CVSS 8.8, AI score 6.6, EPSS 0.02502
Exploits 2, References 3

RedHat Linux
added 2026/03/26 8:30 p.m., 7 views

Django: Django: Denial of Service via crafted request with duplicate headers

A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service (DoS), making the affected system unavailable to legitimate users...

CVSS 7.5, AI score 7.1, EPSS 0.00993
Exploits 0, References 7

OSV
added 2026/03/26 6:27 p.m., 3 views

GHSA-4VRQ-3VRQ-G6GG BuildKit Git URL subdir component can cause access to restricted files

Impact: Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches: The issue has been fixed in version v0.28.1. Workarounds: The issue affects...

CVSS 8.2, AI score 5.8, EPSS 0.00463
Exploits 0, References 5

Github Security Blog
added 2026/03/26 6:27 p.m., 4 views

BuildKit Git URL subdir component can cause access to restricted files

Impact: Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches: The issue has been fixed in version v0.28.1. Workarounds: The issue affects...

CVSS 8.2, AI score 5.7, EPSS 0.00463
Exploits 0, References 5, Affected Software 1

Snyk
added 2026/03/26 6:27 p.m., 6 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

CVSS 8.2, AI score 5.9, EPSS 0.00463
Exploits 0, References 3

Snyk
added 2026/03/26 6:27 p.m., 4 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

CVSS 8.2, AI score 5.9, EPSS 0.00463
Exploits 0, References 3

EUVD
added 2026/03/26 3:30 p.m., 3 views

EUVD-2026-16211

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser by modifying the referer value in the request header...

CVSS 6.1, AI score 5.8, EPSS 0.00203
Exploits 1, References 2

RedhatCVE
added 2026/03/26 3:19 p.m., 4 views

CVE-2025-70082

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...

CVSS 9.8, AI score 6.1, EPSS 0.00496
Exploits 0, References 1

RedhatCVE
added 2026/03/26 3:18 p.m., 4 views

CVE-2026-3958

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The...

CVSS 6.5, AI score 5.9, EPSS 0.00201
Exploits 0, References 1

RedhatCVE
added 2026/03/26 3:18 p.m., 9 views

CVE-2026-3845

Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2...

CVSS 8.8, AI score 6, EPSS 0.00442
Exploits 0, References 1