Lucene search
K

501 matches found

Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56948

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes Aqua aqua allows PHP Local File Inclusion.This issue affects Aqua: from n/a through = 5.1.2...

7.5CVSS6.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:46 p.m.6 views

CVE-2026-13211

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 7:32 p.m.15 views

CVE-2026-13449

IBM Business Automation Manager Open Editions (versions 9.0.0–9.4.2) are vulnerable to an XML External Entity (XXE) attack when processing XML data, potentially exposing sensitive information or exhausting memory. Root cause: XXE in XML processing. Impact: confidentiality and availability risks a...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 12:24 p.m.6 views

CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 5:24 a.m.7 views

CVE-2026-12244

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...

8.8CVSS5.9AI score0.00303EPSS
Exploits0
Veracode
Veracode
added 2026/06/23 8:8 a.m.10 views

Improper Access Control

LangGraph Python SDK is vulnerable to Improper Access Control. The vulnerability is due to unsafe URL path construction using unsanitized user-supplied identifiers, where special characters in identifier values can alter the intended request path and target unintended resources, allowing attacker...

9.1CVSS5.8AI score0.00216EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/18 8:31 p.m.10 views

GHSA-72FW-CQH5-F324 OpenClaw: memory-wiki shared search could miss session visibility checks

Summary memory-wiki shared search could miss session visibility checks. In affected versions, a caller able to search shared memory could skip the session visibility guard on the affected search path. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

6.5CVSS5.6AI score0.0021EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 3:49 p.m.16 views

CVE-2026-7184

Mattermost CVE-2026-7184 affects Mattermost versions 11.6.x up to 11.6.1, 11.5.x up to 11.5.4, and 10.11.x up to 10.11.15. The issue is a failure to sanitize the Remote Cluster API response on PATCH operations, allowing authenticated users with the {{manage_secure_connections}} permission to obta...

6.5CVSS5.4AI score0.00255EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48807

Name of the Vulnerable Software and Affected Versions Arc versions prior to 26.06.1 Description Arc registers Go net/http/pprof handlers at the /debug/pprof/ endpoint. Due to a configuration where /debug/pprof is added to PublicPrefixes and the authentication middleware short-circuits before toke...

8.8CVSS6AI score0.0009EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 11:49 p.m.39 views

CVE-2026-41730 Spring Data REST exposes persistence-layer internals in error responses

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through...

5.3CVSS0.00197EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.13 views

EulerOS 2.0 SP11 : tigervnc (EulerOS-SA-2026-2230)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application...

9.8CVSS5.6AI score0.00247EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2025-62310

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

5.4CVSS5.4AI score0.00049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41184

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

6.5CVSS5.5AI score0.00504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.12 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.4AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.12 views

CVE-2026-40137

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 3:16 p.m.14 views

CVE-2026-36178

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...

4.6CVSS0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 9:26 a.m.42 views

CVE-2026-50224 Unauthenticated IPv6 WAN Management Exposure

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:9 p.m.11 views

EUVD-2026-34163

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover...

5.8AI score0.00211EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2026/05/29 4:3 p.m.14 views

xorg-x11-server-Xwayland security update

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Xwayland is an X server for running X clients under Wayland...

7.8CVSS5.8AI score0.0038EPSS
Exploits0
Hacker One
Hacker One
added 2026/05/29 9:18 a.m.24 views

curl: Low priority HSTS bypass in curl_easy_duphandle()

Summary: curleasyduphandle creates a fresh HSTS store for the cloned handle and populates it from the configured files and callbacks, but never copies entries acquired from Strict-Transport-Security response headers during the parent's lifetime. This means the client using a cloned handle may...

5.8AI score
Exploits0
Rows per page
Query Builder