Lucene search
K

1423 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

6.9CVSS5.5AI score0.00091EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2026-43828

A flaw was found in Apache Shiro. Default configurations of Apache Shiro send sensitive cookies, such as JSESSIONID and rememberMe, in HTTPS sessions without the 'Secure' attribute. This oversight could allow a remote attacker to intercept these cookies, potentially leading to information...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-43827

A flaw was found in Apache Shiro. This vulnerability, known as session fixation, allows an attacker to hijack a user's session. This occurs because the system fails to invalidate an existing session or generate a new session identifier after a user successfully logs in. Consequently, a remote...

7.1CVSS5.8AI score0.00412EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.13 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.5AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.13 views

CVE-2026-41679

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

10CVSS6.3AI score0.01972EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46143

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...

6.7CVSS5.7AI score0.00118EPSS
Exploits0References3
NVD
NVD
added 2026/06/03 6:16 p.m.10 views

CVE-2019-25720

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packet...

7.1CVSS0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 4:56 p.m.9 views

EUVD-2019-20161

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packet...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.11 views

CVE-2026-7312

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

10CVSS5.8AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.9 views

CVE-2026-7195

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...

8.8CVSS5.8AI score0.00471EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.11 views

PT-2026-45983

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packet...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.39 views

CVE-2026-36612

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 1:9 p.m.11 views

CVE-2026-7312 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

10CVSS5.8AI score0.00441EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:9 p.m.19 views

CVE-2026-7312

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

10CVSS5.8AI score0.00441EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/02 1:4 p.m.16 views

EUVD-2026-33918

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...

10CVSS5.8AI score0.00471EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.13 views

PT-2026-45762

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 14.0.7700 through 14.4.8152 Progress Sitefinity versions 15.0.8200 through 15.0.8234 Progress Sitefinity versions 15.1.8300 through 15.1.8335 Progress Sitefinity versions 15.2.8400 through 15.2.8441 Progress...

10CVSS5.8AI score0.00441EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.16 views

PT-2026-45763

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 8.0.5700 through 13.3.7652 Description Insufficiently protected credentials in web services allow a remote authenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45759

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 14.1.x through 14.3.x Progress Sitefinity versions prior to 14.4.8152 Progress Sitefinity versions prior to 15.0.8234 Progress Sitefinity versions prior to 15.1.8335 Progress Sitefinity versions prior to 15.2.8441...

8.8CVSS5.4AI score0.00471EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/01 9:15 p.m.10 views

CVE-2019-25716 Dräger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the...

7.1CVSS5.8AI score0.00413EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 5:42 p.m.51 views

CVE-2026-22872

CVE-2026-22872 affects Capsule, a Kubernetes multi-tenant framework. The Capsule Controller runs with cluster-admin privileges. The vulnerability lies in TenantResource RawItems processing: the code sets the namespace on deserialized objects, but this is ignored for cluster-scoped resources, allo...

9.1CVSS5.8AI score0.0043EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder