6946 matches found

Tenable Nessus
added 4 days ago | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-53289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ice: fix NULL pointer dereference in ice_reset_all_vfs. ice_reset_all_vfs ignores the return value of ice_vf_rebuild_vsi. When the VSI rebuild fails, e.g. during NVM...

5.8 AI score | 0.00172 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 6 days ago | 8 views

PT-2026-52928

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference exists in the ice_reset_all_vfs function. The issue occurs because ice_reset_all_vfs ignores the return value of ice_vf_rebuild_vsi. If the VSI rebuild...

5.8 AI score | 0.00172 EPSS
Exploits: 0 | References: 9

Tenable Nessus
added 6 days ago | 8 views

SUSE SLES16: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2026:22177-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22177-1 advisory. This update for postgresql14 fixes the following issues. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on...

8.8 CVSS | 6.1 AI score | 0.00668 EPSS
Exploits: 0 | References: 26

NVD
added 2026/06/24 9:16 p.m. | 9 views

CVE-2026-1840

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7 CVSS | 0.00726 EPSS
Exploits: 0 | References: 3

Chainguard
added 2026/06/24 8:18 p.m. | 10 views

GHSA-HV8M-JJ95-WG3X vulnerabilities

Vulnerabilities for packages: azure-functions-extension-bundles...

5.8 AI score
Exploits: 0

ATTACKERKB
added 2026/06/24 7:47 p.m. | 5 views

CVE-2026-1840

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7 CVSS | 5.9 AI score | 0.00726 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/06/24 7:47 p.m. | 21 views

CVE-2026-1840 Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7 CVSS | 0.00726 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/06/24 7:47 p.m. | 5 views

EUVD-2026-39058

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7 CVSS | 5.9 AI score | 0.00726 EPSS
Exploits: 0 | References: 3

CVE
added 2026/06/24 7:47 p.m. | 9 views

CVE-2026-1840

The CVE concerns Hubbell Aclara Metrum Cellular Web Interface, where unauthorized access arises from missing authentication on critical system functions. This allows attackers to alter essential configuration settings, trigger system restarts, and potentially disrupt device communications. CISA a...

8.7 CVSS | 5.9 AI score | 0.00726 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/06/23 2:25 p.m. | 35 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10 CVSS | 0.00408 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/23 12:0 a.m. | 12 views

PT-2026-51510

Name of the Vulnerable Software and Affected Versions: picklescan versions prior to 1.0.4. Description: The software fails to block at least seven Python standard library modules, including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib. This oversight exposes eight functions that allow...

9.8 CVSS | 6.2 AI score | 0.00757 EPSS
Exploits: 0 | References: 10

NVD
added 2026/06/22 10:16 p.m. | 7 views

CVE-2026-56321

Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...

6.9 CVSS | 0.00322 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2026/06/22 1:20 p.m. | 3 views

Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: A potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabilit...

8.2 CVSS | 6.5 AI score | 0.01535 EPSS
Exploits: 0 | Affected Software: 2

RedHat Linux
added 2026/06/22 6:10 a.m. | 4 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as lo_export, lo_read, lo_lseek64, and lo_tell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8 CVSS | 6.7 AI score | 0.00464 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/06/21 10:0 p.m. | 7 views

CVE-2026-12811

A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross site scripting. The...

5.3 CVSS | 4 AI score | 0.00288 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

Cvelist
added 2026/06/20 3:24 p.m. | 27 views

CVE-2026-56235 Capgo - Unauthenticated Cross-Tenant Metrics Disclosure via RPC Functions

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9 CVSS | 0.00274 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/06/20 3:24 p.m. | 7 views

EUVD-2025-210289

Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., in a chat box), or by having a custom agent function return an X...

6.1 CVSS | 5.7 AI score | 0.00222 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/06/20 3:24 p.m. | 29 views

CVE-2025-71331 Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows

Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., in a chat box), or by having a custom agent function return an X...

6.1 CVSS | 0.00222 EPSS
Exploits: 1 | References: 2

NVD
added 2026/06/20 1:16 a.m. | 11 views

CVE-2026-56216

Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resourc...

8.8 CVSS | 0.00251 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/20 12:0 a.m. | 17 views

PT-2026-51145

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.8. Description: Insufficient input filtering in chat messages and custom agent functions allows for cross-site scripting (XSS), a flaw where malicious scripts are injected into trusted websites. An attacker can execut...

6.1 CVSS | 5.8 AI score | 0.00222 EPSS
Exploits: 1 | References: 9