Lucene search
K

3013 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to...

5.5CVSS6AI score0.00114EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:5 p.m.12 views

EUVD-2020-31250

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/08 12:58 p.m.6 views

CVE-2026-49232

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.11 views

Revive Adserver 6.0.6 Security Auditor

This script is a defensive security auditing utility designed to identify exposed services, review configuration weaknesses, and collect security posture information from a Revive Adserver deployment without performing direct exploitation...

5.5AI score
Exploits0
Cvelist
Cvelist
added 2026/06/05 9:8 p.m.39 views

CVE-2026-11431 Path Traversal in Altium Projects Service Allows Arbitrary File Read

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

8.3CVSS0.00517EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 8:12 p.m.7 views

CVE-2026-11423

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

9.4CVSS5.6AI score0.00321EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-59853

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

5.3CVSS5.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10622

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

8.2CVSS5.5AI score0.00442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.8 views

CVE-2026-27949

Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling e.g., when an invalid magic code is submitted. Transmitting personally...

4.3CVSS5.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-44719

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...

5.3CVSS5.5AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44003

A flaw was found in vm2 before 3.11.0. A code transformer fast-path skips AST analysis when catch, import, and async are absent, allowing direct access to VM2INTERNALSTATEDONOTUSEORPROGRAMWILLFAIL and internal security functions handleException, wrapWith, import. Fixed in 3.11.0...

5.8CVSS5.8AI score0.00248EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-44226

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

5.3CVSS5.5AI score0.00336EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-4483

An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker wit...

7CVSS5.4AI score0.00299EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 11:29 a.m.13 views

EUVD-2026-34824

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

6.9CVSS5.5AI score0.00414EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 1:22 p.m.10 views

EUVD-2019-20162

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 7:28 a.m.22 views

CVE-2026-50211

Technical details about CVE-2026-50211 are not publicly provided in the supplied documents. Monitor for updates as additional data may reveal affected products, root cause, and mitigations.

9.8CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/04 6:30 a.m.22 views

CVE-2026-49202

Technical details are not publicly available in the provided documents; monitor for updates.

8.8CVSS5.7AI score0.00257EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 12:0 a.m.9 views

CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

9.9CVSS5.9AI score0.00733EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.11 views

CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

9.9CVSS5.9AI score0.00733EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/04 12:0 a.m.32 views

CVE-2026-41283

OpenStack Mistral

9.9CVSS5.9AI score0.00733EPSS
Exploits0References7
Rows per page
Query Builder