Lucene search
K

2980 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53660

Name of the Vulnerable Software and Affected Versions Parseable versions prior to 2.9.2 Description An information disclosure issue exists in the notification-target API endpoints where webhook tokens and basic-auth credentials are returned in cleartext. This occurs because the secret-masking...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/26 9:56 p.m.15 views

EUVD-2026-31692

Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body...

6.1CVSS5.8AI score0.00348EPSS
Exploits1References5
OSV
OSV
added 2026/06/26 9:8 p.m.2 views

GHSA-RP72-5V5Q-2446 @cardano402/mcp-server missing spending limits, LAN-exposed HTTP transport, and SSRF via catalog.server.url

Summary @cardano402/mcp-server versions = 0.1.1 ship three security gaps that can lead to unauthorized fund movement when the package is used as designed an MCP server exposing Cardano payment tools to an Impact 1. No spending limits on signed payments An LLM or prompt-injected LLM calling tools...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/26 8:16 a.m.7 views

CVE-2026-49486

The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

7.5CVSS0.00264EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.6 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.6AI score0.00437EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.21 views

CVE-2026-38571

Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...

0.00113EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 12:0 a.m.9 views

CVE-2026-38571

The CVE-2026-38571 case concerns the Tenda N300 F3 device (version V603), where the unauthenticated UART debug console stores WPA2 credentials in cleartext and does not require authentication for rr/wr memory read/write commands. This enables a physically proximate attacker to extract stored WPA2...

4.6CVSS6AI score0.00113EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/06/25 8:46 p.m.10 views

CVE-2026-56409 vulnerabilities

Vulnerabilities for packages: expat...

6.5CVSS5.8AI score0.00098EPSS
Exploits0
NVD
NVD
added 2026/06/25 4:16 p.m.7 views

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 4:16 p.m.8 views

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

8.6CVSS0.01191EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:7 p.m.23 views

CVE-2026-9718

Technical details about CVE-2026-9718 are not publicly available in the provided documents; monitor for updates from official advisories.

6.9CVSS5.9AI score0.00243EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:5 p.m.31 views

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

8.6CVSS0.01191EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:5 p.m.5 views

EUVD-2026-39434

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

8.6CVSS6AI score0.01191EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:2 p.m.21 views

CVE-2026-9716

CVE-2026-9716 describes a CWE-476 NULL Pointer Dereference that could cause a denial-of-service, rendering a device’s HMI and configuration functionality unavailable when malformed requests hit exposed network interfaces. The root cause is a NULL pointer dereference; impact is high availability l...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:2 p.m.5 views

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:2 p.m.30 views

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:44 p.m.4 views

EUVD-2026-39430

CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the devic...

8.7CVSS5.9AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52198

Name of the Vulnerable Software and Affected Versions GitLab EE versions 19.1 through 19.1.0 Description Insufficient output filtering in Duo Workflows could allow a user to access sensitive information that had already been committed to a project. Recommendations Update GitLab EE to version 19.1...

8.6CVSS5.8AI score0.00328EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.18 views

CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS0.00271EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 8:45 p.m.10 views

CVE-2026-32315

motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
Rows per page
Query Builder