Lucene search
K

2555 matches found

CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Apache Kafka 安全漏洞

Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond instantly to changes in data streams. There is a security...

4.3CVSS5.4AI score0.00288EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 7:5 p.m.7 views

GHSA-6M57-8R3P-PQX6 unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

5.8CVSS5.8AI score0.0013EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45016

Content removed...

5.8CVSS5.2AI score0.0013EPSS
Exploits1References5
CVE
CVE
added 2026/05/22 10:3 p.m.67 views

CVE-2026-33843

CVE-2026-33843 affects Microsoft Azure Active Directory B2C. A authentication bypass via an alternate path or channel could allow an unauthorized attacker to elevate privileges over a network. The CVSSv3.1 base score is 9.1 (CRITICAL) with high impact on confidentiality and integrity, and no user...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/21 12:28 p.m.12 views

MAL-2026-4564 Malicious code in finup-mongo-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...

5.8AI score
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 1:32 a.m.15 views

Malicious code in fastgrc-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey returns a hardcoded BUNDLEDAPIKEY...

5.8AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/20 3:35 p.m.6 views

org.apache.camel.k:camel-k-itests-knative (>=1.14.0 <=3.2.3), org.apache.camel.k:camel-k-itests-knative-consumer (>=1.14.0 <=3.2.3) +32 more potentially affected by CVE-2026-47323 via org.apache.camel:camel-knative (>=3.18.0 <=4.14.5)

org.apache.camel:camel-knative MAVEN version =3.18.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.2 and more Source cves: CVE-2026-47323 Source advisory:...

9.8CVSS5.5AI score0.01425EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Devices are unregistered in reverse order. Not all subsystems support the removal of a device when there are still consumers referencing that device. One example is the regulator subsystem. If a...

5.5CVSS5.9AI score0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 4:16 a.m.17 views

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

8.2CVSS0.0028EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:0 a.m.10 views

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

8.2CVSS5.9AI score0.0028EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/07 3:0 a.m.17 views

CVE-2026-41670

Admidio before 5.0.9 permits an attacker who knows a registered SP’s Entity ID to craft a SAML AuthnRequest with an attacker-controlled AssertionConsumerServiceURL, causing the IdP to send a signed SAML response containing user attributes to the attacker’s URL. The root cause is that ACS URL is t...

8.2CVSS5.9AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 3:0 a.m.39 views

CVE-2026-41670 Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

8.2CVSS0.0028EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Admidio 输入验证错误漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a vulnerability related to input validation errors. This...

8.2CVSS5.8AI score0.0028EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 7:16 p.m.8 views

CVE-2025-31960

HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...

5.3CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 6:2 p.m.6 views

CVE-2025-31960 HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module

HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 6:2 p.m.16 views

CVE-2025-31960

CVE-2025-31960 affects HCL BigFix Service Management (SM). In the reporting module, improper error handling when a consumer_company parameter is supplied in a report-viewing request can trigger an unhandled exception, leading to information exposure. CVSS:3.1 base score 5.3 (MEDIUM), network acce...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/06 6:2 p.m.36 views

CVE-2025-31960 HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module

HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...

5.3CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:2 p.m.7 views

CVE-2025-31960

HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...

5.8AI score0.0024EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-38085

Name of the Vulnerable Software and Affected Versions HCL BigFix Service Management SM affected versions not specified Description Improper error handling within the reporting module leads to information exposure. Supplying an invalid or out-of-range value to the consumer company parameter during...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.8 views

HCL BigFix Service Management 安全漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management SM has a security vulnerability. This vulnerability stems from improper error handling in the reporting module. When invalid or out-of-range...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Rows per page
Query Builder