Lucene search
K

219834 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:7 p.m.11 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2026-2332)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-2332 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun...

9.1CVSS5.8AI score0.01127EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:6 p.m.11 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-server (CVE-2026-1605)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-1605 reported for jetty-server-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed...

7.5CVSS5.8AI score0.00625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:6 p.m.6 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-34197)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-34197 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-34197 DESCRIPTION: Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broke...

8.8CVSS7.9AI score0.9619EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:4 p.m.7 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-39304)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-39304 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-39304 DESCRIPTION: Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ...

7.5CVSS5.8AI score0.00896EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/04 1:12 p.m.6 views

JLSEC-2026-397

When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...

3.7CVSS6.8AI score0.01788EPSS
Exploits1References16
NVD
NVD
added 2026/05/04 12:16 p.m.12 views

CVE-2026-3120

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS0.01182EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/04 11:11 a.m.9 views

Improper Access Control

Apache Storm is vulnerable to Improper Access Control. The vulnerability is due to fail-open handling of TLS client authentication in TlsTransportPlugin, where SSLPeerUnverifiedException is suppressed and a fallback principal CN=ANONYMOUS is assigned, allowing unauthenticated clients to obtain a...

6.5CVSS5.8AI score0.00286EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 10:47 a.m.4 views

CVE-2026-7246

A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit function, allows an attacker with an unprivileged account to execute arbitrary operating system OS commands. This could lead to unauthorized control over the affected system...

7.2CVSS6AI score0.0081EPSS
Exploits1References5
HackRead
HackRead
added 2026/05/04 9:48 a.m.11 views

7 Key Features That Make Secure Browsers Safer

Secure Browsers boost safety with tracking blocks, fingerprint protection, session control, and real-time threat defense against modern web attacks...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/04 6:32 a.m.7 views

GHSA-QHH7-263P-54R3 Funadmin has an Improper Access Control Issue

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

7.3CVSS6.6AI score0.00294EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/04 6:32 a.m.13 views

Funadmin has an Improper Access Control Issue

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

7.5CVSS6.7AI score0.00294EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/05/04 5:16 a.m.37 views

CVE-2026-7730

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

6.5CVSS0.01089EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/04 4:0 a.m.50 views

EUVD-2026-26884

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

6.5CVSS5.6AI score0.01089EPSS
Exploits0References6
OSV
OSV
added 2026/05/04 3:2 a.m.9 views

MAL-2026-3321 Malicious code in @montanatonytest/app.web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae7604e0d0f1f42d621917113451c0b0583f2c74d4bbe59d92db2cf68101c674 The package @montanatonytest/app.web was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 3:2 a.m.14 views

MAL-2026-3319 Malicious code in @google-pay-trust/init-google-pay-result (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dba78dc87b515a0cda716fc10162fbc4c31c264a1e2dbf6f1651257cfa87e62 The package @google-pay-trust/init-google-pay-result was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 3:2 a.m.5 views

MAL-2026-3316 Malicious code in @apple-pay-trust/check-apple-pay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e70605dbfa408340f5181bb26e47fb08e3ff8925c50aee6cb62132e724ba7a09 The package @apple-pay-trust/check-apple-pay was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 1:43 a.m.4 views

MAL-2026-3284 Malicious code in tinfoil-shops (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12060d7ba8ada1f0215277ed3936de1f8e9f03d47430fe816b634778291d7024 The package tinfoil-shops was found to contain malicious code. Source: ghsa-malware 5fafb06ed458abc37062e49cbd57b0e5c348dba7d88d1524ca5df198216d7326...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/05/04 1:16 a.m.34 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS0.00214EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:39 a.m.7 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/04 12:30 a.m.10 views

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

7.5CVSS7.1AI score0.00284EPSS
Exploits0References2
Rows per page
Query Builder