Lucene search
+L

950 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-45196

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added yesterday29 views

CVE-2026-63098 TheHive 4.1.24 Unauthenticated Information Disclosure via /api/status Endpoint

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS
Exploits0References2
NVD
NVD
added yesterday8 views

CVE-2026-59252

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS
Exploits0References4
OSV
OSV
added yesterday7 views

EEF-CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Summary Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer fee\payer: true, the MPP.Methods.Tempo...

8.2CVSS6.1AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday7 views

CVE-2026-59695

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score
Exploits0References5Affected Software1
The Hacker News
The Hacker News
added 3 days ago16 views

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Security researcher Chaotic Eclipse aka Nightmare-Eclipse has released a new proof-of-concept PoC exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as...

9.8CVSS7.2AI score0.05601EPSS
Exploits0
NVD
NVD
added 5 days ago3 views

CVE-2026-57381

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through = 2.2.3...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-57381 WordPress PropertyHive plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through = 2.2.3...

7.1CVSS0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1139 Apache Airflow Apache Hive Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxyuser option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updatin...

8.8CVSS7.1AI score0.01586EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-772 OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...

7.8CVSS6.2AI score0.01753EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.11 views

PYSEC-2026-273 Apache Airflow Hive Provider Beeline remote code execution with Principal

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...

9.8CVSS7.2AI score0.02791EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-271 Apache Airflow Hive Provider vulnerable to code injection

Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code...

9.8CVSS7.3AI score0.02765EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-272 Apache Airflow Hive Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...

9.8CVSS7.3AI score0.01982EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-351 H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.8AI score0.01441EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-274 Apache Airflow Hive Provider vulnerable to Command Injection

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider before 5.0.0...

9.8CVSS7.3AI score0.0322EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.6 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2498 more potentially affected by CVE-2026-46340 via io.netty:netty-transport-sctp (>=4.0.0.Beta1 <=4.1.134.Final)

io.netty:netty-transport-sctp MAVEN version =4.0.0.Beta1, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.0.9 and more Source cves: CVE-2026-46340 Source advisory: OSV:GHSA-5XRH-QMMQ-W6CH...

7.5CVSS5.7AI score0.0038EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 11:1 p.m.9 views

ai.h2o:h2o-algos (=0.1.9), ai.h2o:h2o-app (=0.1.9) +2053 more potentially affected by CVE-2026-45536 via io.netty:netty-transport-native-kqueue (>=4.1.11.Final <=4.1.134.Final)

io.netty:netty-transport-native-kqueue MAVEN version =4.1.11.Final, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.1.0, =0.0.1, =2.4.0, =1.5.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2026-45536 Source advisory: OSV:GHSA-W573-9FFJ-6FF9...

4CVSS5.7AI score0.00136EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.9 views

CVE-2025-59874

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...

8.1CVSS5.3AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.13 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42729

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through = 2.2.2...

7.1CVSS5.4AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder