Lucene search
+L

7977 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-44761

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS6.1AI score0.00352EPSS
Exploits0References3
CVE
CVE
added 4 days ago53 views

CVE-2026-44761

SAP Commerce Cloud is affected by CVE-2026-44761, where a sample OAuth2 client may retain publicly documented sample credentials from SAP Help Portal configuration. If left unchanged, an unauthenticated attacker could obtain a valid access token and invoke certain APIs to read and modify data, re...

9.1CVSS6.1AI score0.00352EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.2 views

The vulnerability of the team_port_add() function in the drivers/net/team/team_core.c file of the Linux kernel’s network device driver module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the teamportadd function in the drivers/net/team/teamcore.c file of the Linux kernel’s network device driver module is related to state management errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...

7CVSS5.6AI score0.00118EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.7 views

The vulnerability of the gs_usb_xmit_callback() function in the drivers/net/can/usb/gs_usb.c file of the Linux kernel’s CAN network device driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the gsusbxmitcallback function in the drivers/net/can/usb/gsusb.c file of the Linux network device driver module is related to the failure to release resources after their useful life has ended. Exploiting this vulnerability could allow an attacker to compromise the...

7CVSS6AI score0.00167EPSS
Exploits0References10Affected Software3
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.6 views

The vulnerability of ImageMagick’s PSD format file processor allows attackers to compromise the confidentiality of protected information.

The vulnerability of ImageMagick’s PSD format file processor relates to reading data beyond the permitted range of memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality of the protected information...

7.8CVSS7.2AI score0.00348EPSS
Exploits0References6Affected Software5
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.4 views

The vulnerability of the console-based graphic editor ImageMagick arises from the possibility of an operation exceeding the buffer boundaries in memory, allowing attackers to compromise the integrity and accessibility of the protected information.

The vulnerability of the console-based graphic editor ImageMagick is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the integrity and accessibility of the protected information...

7.1CVSS7.4AI score0.00108EPSS
Exploits0References5Affected Software4
Veracode
Veracode
added 2026/07/04 8:27 a.m.6 views

Use Of A Broken Or Risky Cryptographic Algorithm

BC-JAVA bcprov is vulnerable to the Use of a Broken or Risky Cryptographic Algorithm. The vulnerability is due to flaws in the G3413CTRBlockCipher implementation, where the affected cryptographic algorithm can provide weakened cryptographic protection, allowing attackers to compromise the...

9.3CVSS7AI score0.00313EPSS
Exploits0References18Affected Software12
RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.4 views

libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/07/01 11:46 a.m.11 views

rrdtool: rrdtool: Stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.4AI score0.00132EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/06/30 12:0 a.m.4 views

The vulnerability of the `alloc_choose_arg_map()` function in the `net/ceph/osdmap.c` module, which is part of the Linux kernel’s networking functions, allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the allocchooseargmap function in the net/ceph/osdmap.c module, which is part of the Linux kernel’s networking functions, relates to the pointer manipulation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility...

7CVSS7AI score0.00395EPSS
Exploits0References15Affected Software7
BDU FSTEC
BDU FSTEC
added 2026/06/30 12:0 a.m.3 views

Vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird, which allow attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable due to dependencies on behaviors that are uncertain for each type of implementation. Exploiting this vulnerability allows a malicious actor to compromise...

7.8CVSS5.8AI score0.00299EPSS
Exploits0References7Affected Software7
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-381 Langroid has a Code Injection vulnerability in TableChatAgent

Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...

9.8CVSS5.8AI score0.00741EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2026/06/26 12:0 a.m.5 views

The vulnerability of the br_nd_send() function in the Linux operating system allows a attacker to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the brndsend function in the Linux operating system is related to reading data beyond the permitted range of memory. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality and accessibility of protected information...

9.4CVSS6AI score0.00485EPSS
Exploits0References13Affected Software3
RedhatCVE
RedhatCVE
added 2026/06/22 1:55 p.m.11 views

CVE-2026-52911

A flaw was found in the ksmbd component of the Linux kernel. This vulnerability allows an attacker to gain unauthorized access to session information or resources by exploiting an improper scope in the session binding mechanism. This could potentially compromise the integrity or confidentiality o...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/06/22 12:0 a.m.4 views

Vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird, which allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable due to dependencies on behaviors that are uncertain for each type of implementation. Exploiting this vulnerability allows a malicious actor to compromise...

10CVSS5.8AI score0.00418EPSS
Exploits0References15Affected Software6
Redos
Redos
added 2026/06/22 12:0 a.m.9 views

ROS-20260622-73-0017

The vulnerability of the DOM component in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protecte...

7.5CVSS5.8AI score0.00317EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the Linux kernel in versions prior to 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel. This allows anyone between the two endpoints to read the unencrypted...

7.5CVSS6.5AI score0.02433EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the Linux kernel. A memory use-after-free vulnerability was identified in the perf subsystem, allowing a local attacker with permission to monitor perf events, thereby corrupting memory and potentially escalating privileges. The most significant threat of this vulnerabili...

7.8CVSS6.6AI score0.00302EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/06/19 12:0 a.m.3 views

The vulnerability of WebRTC technology in Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of WebRTC technology in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility o...

7.5CVSS6.1AI score0.00306EPSS
Exploits0References11Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/06/19 12:0 a.m.3 views

Vulnerability of the DOM component: Device Interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, which allow attackers to compromise the integrity and accessibility of protected information.

Vulnerability of the DOM component: Device interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable due to operations that go beyond the buffer in memory. Exploitation of this vulnerability can allow a remote attacker to compromise the integrity and accessibilit...

6.5CVSS6AI score0.00231EPSS
Exploits0References11Affected Software4
Rows per page
Query Builder