Lucene search
K

537 matches found

CVE
CVE
added 4 days ago12 views

CVE-2025-12799

CVE-2025-12799 affects Jastow and is described as a Cross-Site Scripting (XSS) vulnerability that arises when a configuration allows unescaped characters in URLs with embedded Undertow and Jastow, indicating improper input handling. The CVSS 3.1 base vector shows a Network attack vector, high aut...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References6
OSV
OSV
added 2026/07/03 12:0 a.m.3 views

UBUNTU-CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.6AI score0.00597EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.6 views

Important: Red Hat Security Advisory: Satellite 6.17.9 Async Update

A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS7.1AI score0.00671EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/25 9:6 p.m.25 views

CVE-2026-6092 Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured

When HAVEENCRYPTTHENMAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC...

2.1CVSS0.00209EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:8 a.m.4 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and ifix Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used,...

9.1CVSS5.9AI score0.01127EPSS
Exploits3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47325

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer underwrite issue exists when using crafted regular expressions within the configuration. Recommendations Upgrade to version 2.4.68...

9.8CVSS5.6AI score0.00805EPSS
Exploits0References153
Cvelist
Cvelist
added 2026/06/07 3:0 a.m.38 views

CVE-2026-11451 GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS0.02027EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/20 11:25 a.m.9 views

CVE-2025-31973 HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'

HCL BigFix Service Management SM is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment...

4CVSS5.8AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.9 views

PT-2026-31754

Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system CVE: CVE-2026-33793 PT ID: PT-2026-31754 Vendor: Juniper networks Product: Junos OS CVSS: 7.8 Credits: n/a Description: An Execution with Unnecessary...

8.5CVSS5.9AI score0.00159EPSS
Exploits0References4
NVD
NVD
added 2026/03/17 7:16 p.m.8 views

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

9.8CVSS0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:20 p.m.4 views

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

TIBCO BPM Enterprise 安全漏洞

TIBCO BPM Enterprise is a business process management platform developed by TIBCO Corporation in the United States. This platform enables companies to drive digital transformation by making better decisions and taking faster, more informed actions. Version 4.x of TIBCO BPM Enterprise contains a...

9.8CVSS5.8AI score0.00281EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 1:6 a.m.13 views

CVE-2025-27378

The CVE-2025-27378 entry concerns AES (Altium Enterprise Server) with a SQL injection vulnerability caused by an inactive configuration that bypasses the latest SQL-parsing logic. When the sql.parsing configuration is not active, crafted input may be mishandled, enabling attackers to inject and e...

9.8CVSS6.1AI score0.00353EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.5 views

CVE-2023-40434

A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library...

3.3CVSS6.1AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:56 a.m.7 views

CVE-2018-4433

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of th...

5.5CVSS5.5AI score0.00738EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:55 a.m.8 views

CVE-2018-4353

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14...

9.8CVSS6.2AI score0.01299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:55 a.m.7 views

CVE-2018-4355

A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14...

5.5CVSS6AI score0.0081EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:51 a.m.9 views

CVE-2009-4998

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...

2.6CVSS7AI score0.01099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.7 views

CVE-2022-37011

A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions V1.17.0, Mendix SAML Mendix 8 compatible All versions V2.3.0, Mendix SAML Mendix 9 compatible, New Track All versions V3.3.1, Mendix SAML Mendix 9 compatible, Upgrade Track All versions V3.3.0. Affected versions o...

9.8CVSS7AI score0.01046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.15 views

CVE-2017-18819

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings...

4CVSS6.9AI score0.00311EPSS
Exploits0References1
Rows per page
Query Builder