Lucene search
K

9000 matches found

BDU FSTEC
BDU FSTEC
added 10 hours ago14 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
CVE
CVE
added 22 hours ago23 views

CVE-2026-44761

SAP Commerce Cloud is affected by CVE-2026-44761, where a sample OAuth2 client may retain publicly documented sample credentials from SAP Help Portal configuration. If left unchanged, an unauthenticated attacker could obtain a valid access token and invoke certain APIs to read and modify data, re...

9.1CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-14686

A flaw was found in HdrHistogram. This vulnerability affects the DoubleHistogram.recordValue function, which is part of the Range Check component. A local attacker can exploit this flaw by performing a specific manipulation, leading to an incorrect comparison of values. This issue primarily impac...

4.8CVSS6AI score0.0024EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 4 days ago3 views

form-data: form-data: Form field override via CRLF injection

A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return CR, line feed LF, or double-quote " characters into the field argument of FormDataappend or the filename option. This allows th...

8.7CVSS6.1AI score0.00409EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 5 days ago4 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.0075EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder

A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Redis codec encoder RedisEncoder does not properly validate or sanitize user-controlled string content for CRLF Carriage Return Line Feed characters. A remote attacker, by controlling the content of ...

7.1CVSS6.7AI score0.00198EPSS
Exploits1References5
Snyk
Snyk
added 6 days ago5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago10 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42239

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 6 days ago7 views

CVE-2026-60124

The CVE-2026-60124 in MISP concerns an authorization bypass in EventsController::importModule(). When an import module returns results in the misp_standard format, the write path failed to verify event modification rights, allowing authenticated users or read-only API keys with event view access ...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-59998

A flaw was found in OpenSSH. The sshd component has an undocumented security-relevant behavior where GSSAPIStrictAcceptorCheck has no value when the server is in a Windows Active Directory environment. This could lead to unintended information disclosure and impact data integrity...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 9:54 p.m.7 views

EUVD-2026-25038

cut: -s ignored in -z -d '' newline-delimiter mode...

3.3CVSS5.9AI score0.00182EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

nodejs: Node.js: Certification validation bypass in TLS host verification

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

4.3CVSS6.2AI score0.00258EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.7 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6AI score0.00228EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.5 views

undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

8.8CVSS6.6AI score0.00358EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/03 6:48 a.m.8 views

CVE-2026-54891

A flaw was found in Erlang's SSL Secure Sockets Layer component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS Transport Layer Security handshake. The client application may then process this injected data as if it wer...

6.3CVSS5.9AI score0.00135EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 11:46 a.m.8 views

rrdtool: rrdtool: Stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.4AI score0.00132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 8:50 p.m.21 views

CVE-2026-54515

A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...

5.3CVSS5.6AI score0.00345EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/29 6:44 p.m.8 views

CVE-2026-49839

A flaw was found in jq, a command-line JSON processor. This vulnerability allows an attacker to trigger a heap out-of-bounds write by providing a specially crafted, oversized file to the jq --rawfile option. This can lead to a denial of service DoS, making the affected system or application...

7.1CVSS5.7AI score0.00165EPSS
Exploits1References4
Rows per page
Query Builder