Lucene search
K

1180 matches found

RedHat Linux
RedHat Linux
added 5 days ago5 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.4AI score0.00831EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-54773 CoreWCF: WS-Security signature substitution via document-wide Signature lookup

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS0.00238EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago9 views

Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]

Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0 and IBM Cloud Pak System version 2.3.5.1 BYOH on power. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The...

6AI score
Exploits0Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Oracle Identity Manager (June 2026 CSPU)

The 12.2.1.4.0 or 14.1.2.1.0 version of Identity Manager installed on the remote host is affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory: - Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: OIM Legacy UI. Easily exploitable...

9.9CVSS6.9AI score0.00518EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 5:41 a.m.6 views

EUVD-2026-38691

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

7CVSS6.2AI score0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 8:48 p.m.8 views

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

6AI score0.00287EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/06/11 12:0 a.m.11 views

Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.109 and .NET Runtime...

7.5CVSS5.3AI score0.0243EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.25 views

Google Chrome < 149.0.7827.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop01962725236 advisory. - Use after free in Views in Google Chrome on Windows prior to...

9.6CVSS6.1AI score0.00287EPSS
Exploits0References55
Vulnrichment
Vulnrichment
added 2026/06/09 5:5 p.m.8 views

CVE-2026-45591 ASP.NET Core Denial of Service Vulnerability

...

7.5CVSS5.4AI score0.0243EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2026/06/08 8:0 p.m.8 views

TYPO3-CORE-SA-2026-006: TYPO3 HTML Sanitizer allows Cross-Site Scripting

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-006...

5.1CVSS5.4AI score0.00366EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via caching of parsed Spring Expression Language SpEL...

8.2CVSS5.5AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP server metrics instrumentation in Micrometer. An attacker can cause denial of service by sending specially crafted HTTP requests that trigger excessive resource consumption...

8.2CVSS5.5AI score0.00623EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-46775

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data...

9.9CVSS5.4AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-39863

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS5.5AI score0.00463EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/05 6:11 p.m.7 views

ait-dsn (=2.0.0), ait-gui (>=2.4.0 <=2.4.1) potentially affected by CVE-2026-47731 via ait-core (>=2.3.5 <=2.5.2)

ait-core PYPI version =2.3.5, =2.4.0, =2.4.1 Source cves: CVE-2026-47731 Source advisory: OSV:GHSA-P462-PRXW-MJX4...

5.5AI score0.00163EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/05 10:17 a.m.6 views

agsekit (>=0.0.1 <=1.7.1), airflow-ansible-provider (=0.6.0) +371 more potentially affected by CVE-2026-11332 via ansible-core (>=2.11.0 <=2.21.0)

ansible-core PYPI version =2.11.0, =0.0.1, =1.0.0, =0.20250623.1, =0.1.0.dev2, =6.0.0, =0.2.2, =1.0.10, =0.1.0, =0.0.1, =0.0.0, =3.0.0, =0.0.3, =1.0.7 and more Source cves: CVE-2026-11332 Source advisory: SNYK:PYTHON-ANSIBLECORE-17177022...

7.8CVSS5.7AI score0.00156EPSS
Exploits0
OSV
OSV
added 2026/06/04 11:16 p.m.5 views

DEBIAN-CVE-2026-10915

Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 11:3 p.m.37 views

CVE-2026-10953

Use after free in Core in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46444

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue in Core allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References433
Microsoft CVE
Microsoft CVE
added 2026/05/29 11:21 p.m.14 views

Chromium: CVE-2026-9994 Use after free in Core

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.8AI score0.00182EPSS
Exploits0
Rows per page
Query Builder