
270 matches found

Tenable Nessus
added 2026/06/23 12:0 a.m., 11 views

RHEL 8 : webkit2gtk3 (RHSA-2026:28114)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28114 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8, AI score 6.7, EPSS 0.00693
Exploits: 0, References: 34
Tenable Nessus
added 2026/06/23 12:0 a.m., 6 views

RHEL 9 : webkit2gtk3 (RHSA-2026:28148)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28148 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8, AI score 5.9, EPSS 0.00693
Exploits: 0, References: 34
NVD
added 2026/06/17 10:54 a.m., 7 views

CVE-2026-46949

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 9.1, EPSS 0.00405
Exploits: 0, References: 1
AlmaLinux
added 2026/06/15 12:0 a.m., 19 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted web content may lead to an unexpected proces...

CVSS 8.8, AI score 5.4, EPSS 0.00693
Exploits: 0, References: 34
RedhatCVE
added 2026/06/05 7:9 p.m., 11 views

CVE-2026-35277

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can...

CVSS 8.1, AI score 5.4, EPSS 0.00267
Exploits: 0, References: 1
The Hacker News
added 2026/05/27 1:28 p.m., 23 views

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three...

AI score 5.9
Exploits: 0
Redos
added 2026/05/24 12:0 a.m., 19 views

ROS-20260524-73-0024

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

CVSS 2.9, AI score 7.2, EPSS 0.00122
Exploits: 0
ATTACKERKB
added 2026/05/13 8:50 p.m., 6 views

CVE-2026-44381

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

CVSS 9.3, AI score 5.9, EPSS 0.0054
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/05/08 5:46 a.m., 4 views

BIT-JRE-2024-21140

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

CVSS 4.8, AI score 5.8, EPSS 0.00879
Exploits: 0, References: 4
OSV
added 2026/05/05 4:2 p.m., 7 views

OPENSUSE-SU-2026:20681-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.11+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...

CVSS 7.5, AI score 5.9, EPSS 0.00702
Exploits: 0, References: 16
Debian
added 2026/04/18 1:11 p.m., 11 views

[SECURITY] [DLA 4538-1] perl security update

Debian LTS Advisory DLA-4538-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler April 18, 2026 https://wiki.debian.org/LTS -...

CVSS 5.9, AI score 5.7, EPSS 0.00368
Exploits: 0
The Hacker News
added 2026/04/10 11:0 a.m., 12 views

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI...

AI score 6.1
Exploits: 0
NVD
added 2026/04/08 7:25 p.m., 6 views

CVE-2026-33350

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

CVSS 7.5, EPSS 0.00246
Exploits: 0, References: 1
Microsoft Secure
added 2026/03/30 4:0 p.m., 5 views

Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio

Agentic AI is moving fast from pilots to production. That shift changes the security conversation. These systems do not just generate content. They can retrieve sensitive data, invoke tools, and take action using real identities and permissions. When something goes wrong, the failure is not limit...

AI score 6.3
Exploits: 0
Github Security Blog
added 2026/03/27 7:8 p.m., 14 views

Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries

Summary adx-mcp-server ListDictstr, Any: client = getkustoclient query = f"tablename | getschema" ListDictstr, Any: client = getkustoclient query = f"tablename | sample samplesize" ListDictstr, Any: client = getkustoclient query = f".show table tablename details" -- KQL injection resultset =...

CVSS 8.3, AI score 6.1, EPSS 0.00396
Exploits: 3, References: 4, Affected Software: 1
IBM Security Bulletins
added 2026/03/26 6:20 a.m., 5 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities disclosed in IBM Semeru Runtime.

Summary IBM SPSS Modeler is affected by multiple vulnerabilities disclosed in IBM Semeru Runtime CVE-2026-21945, CVE-2026-21933, CVE-2026-21932, CVE-2026-21925, CVE-2026-1188. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...

CVSS 9.8, AI score 6.8, EPSS 0.00864
Exploits: 1, Affected Software: 1
Cvelist
added 2026/03/25 12:32 a.m., 25 views

CVE-2026-28876

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user da...

EPSS 0.00468
Exploits: 0, References: 6
CNNVD
added 2026/03/25 12:0 a.m., 9 views

IBM InfoSphere Information Server code issue vulnerability

IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines IBM. This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server 11.7.1.6 and earlier contained code...

CVSS 6.5, AI score 5.9, EPSS 0.00242
Exploits: 0, References: 2
CNNVD
added 2026/03/20 12:0 a.m., 8 views

SuiteCRM security vulnerability

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had security vulnerabilities. These vulnerabilities stemmed from the lack of access control list checks for multiple endpoints, which could allow authenticated user...

CVSS 8.1, AI score 5.8, EPSS 0.00321
Exploits: 0, References: 2
CNNVD
added 2026/03/19 12:0 a.m., 6 views

BMC FootPrints access control error vulnerability

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained a security vulnerability related to access control. This vulnerability stemmed from improper execution of security filters for...

CVSS 9.1, AI score 6.2, EPSS 0.044
Exploits: 1, References: 3