
IBM Security Bulletins (added 5 days ago)

Security Bulletin: Multiple vulnerabilities affect IBM® Db2® Big SQL on IBM Software Hub.

Summary: Multiple vulnerabilities have been addressed in IBM® Db2® Big SQL on IBM Software Hub. Vulnerability Details: CVEID: CVE-2026-2950. DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...

CVSS 9.8 | AI score 7.5 | EPSS 0.01735 | Exploits 5 | Affected software 1
Cvelist (added 6 days ago)

CVE-2026-40941 Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass which allows self-signed packages. This issue has been fixed in version 1.2.31...

CVSS 7.1 | EPSS 0.00159 | Exploits 0 | References 3
CVE (added 6 days ago)

CVE-2026-40941

CVE-2026-40941 affects Cacti up to version 1.2.30 and is caused by a package import signature validation bypass that allows the use of self-signed packages. The issue has been fixed in version 1.2.31. Affected software is Cacti (open source performance and fault management framework). Remediation...

CVSS 7.1 | AI score 5.7 | EPSS 0.00159 | Exploits 0 | References 3 | Affected software 1
NVD (added 6 days ago)

CVE-2026-12992

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

CVSS 7.4 | EPSS 0.00195 | Exploits 0 | References 3
Vulnrichment (added 6 days ago)

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

CVSS 7.4 | AI score 6 | EPSS 0.00195 | Exploits 0 | References 2
Positive Technologies (added 6 days ago)

PT-2026-52594

Vulnerable software and affected versions: Apicurio Registry, affected versions not specified. Description: A flaw exists where the WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, a user with...

CVSS 7.4 | AI score 5.9 | EPSS 0.00195 | Exploits 0 | References 5
AstraLinux (added 2026/06/19 11:10 a.m.)

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: reject zero-length fixed buffer imports. The validate_fixed_range function allows the use of buf_addr at the exact end of the registered region when len is zero. This occurs because the check uses a strict...

CVSS 7.1 | AI score 5.9 | EPSS 0.00124 | Exploits 0 | References 1
OSV (added 2026/06/11 12:05 p.m.)

RLSA-2026:24331 Important: cockpit-image-builder security update

The image-builder-frontend generates custom images suitable for deploying systems or uploading to the cloud. It integrates into Cockpit as a frontend for osbuild. Security Fixes: lodash: prototype pollution in .unset and .omit functions (CVE-2025-13465); lodash: lodash: Arbitrary code execution via...

CVSS 8.2 | AI score 6.9 | EPSS 0.01735 | Exploits 0 | References 3
Tenable Nessus (added 2026/06/11 12:00 a.m.)

RockyLinux 10 : cockpit-image-builder (RLSA-2026:24331)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:24331 advisory. lodash: prototype pollution in .unset and .omit functions (CVE-2025-13465); lodash: lodash: Arbitrary code execution via untrusted input in template impor...

CVSS 9.8 | AI score 6 | EPSS 0.01735 | Exploits 0 | References 5
OSV (added 2026/06/10 5:11 p.m.)

GHSA-3WW4-5JV9-J5GM vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary: vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

CVSS 6.5 | AI score 5.6 | EPSS 0.00146 | Exploits 0 | References 2
Positive Technologies (added 2026/06/10 12:00 a.m.)

PT-2026-48537

Vulnerable software and affected versions: vLLM versions prior to 0.22.0. Description: vLLM is an inference and serving engine for large language models. The software contains a supply-chain integrity issue where revision pinning controls are not consistently applied to all artifacts...

CVSS 6.5 | AI score 5.8 | EPSS 0.00146 | Exploits 0 | References 13
RedHat Linux (added 2026/06/09 11:18 a.m.)

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

CVSS 9.8 | AI score 6.4 | EPSS 0.01735 | Exploits 0 | References 7
RedHat Linux (added 2026/06/08 1:52 a.m.)

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

CVSS 9.8 | AI score 6.4 | EPSS 0.01735 | Exploits 0 | References 7
RedhatCVE (added 2026/06/07 12:43 a.m.)

CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVSS 4.3 | AI score 5.6 | EPSS 0.0029 | Exploits 0 | References 1
EUVD (added 2026/06/06 12:31 a.m.)

EUVD-2026-34932

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVSS 4.3 | AI score 5.6 | EPSS 0.0029 | Exploits 0 | References 23
NVD (added 2026/06/06 12:16 a.m.)

CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVSS 4.3 | EPSS 0.0029 | Exploits 0 | References 22
RedhatCVE (added 2026/06/05 7:25 p.m.)

CVE-2026-26067

October is a content management system (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

CVSS 4.9 | AI score 5.6 | EPSS 0.00246 | Exploits 0 | References 1
Github Security Blog (added 2026/06/05 3:26 p.m.)

Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService

Summary: Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an authenticated Omni user with Reader...

AI score 5.6 | EPSS 0.00017 | Exploits 0 | References 4 | Affected software 1
RedhatCVE (added 2026/06/02 10:03 p.m.)

CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize_reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

CVSS 7.3 | AI score 6 | EPSS 0.00651 | Exploits 0 | References 1
RedHat Linux (added 2026/06/02 5:41 p.m.)

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

CVSS 9.8 | AI score 6.4 | EPSS 0.01735 | Exploits 0 | References 7
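The lodash entries above describe two option-controlled names (the `variable` option and the keys of `options.imports`) flowing into one Function constructor sink, with a validation that covered only the first. The block below is an added example written for this page, not lodash's own code: a minimal template compiler modelled on that sink, with a single identifier check applied to both names before any source text is generated. The functions `compileTemplate`, `assertIdentifier`, `renderExample` and `guardRejects`, the `validateNames` switch, and the sample template are all this example's own assumptions; the `assignInWith` merge behaviour the advisory also mentions is not modelled.

```javascript
'use strict';
// Added illustration, not lodash's own code: a minimal template compiler
// modelled on the sink the advisory describes. Names taken from options
// (the `variable` option and the keys of `imports`) end up inside the source
// handed to the Function constructor, so each one must be a plain identifier.

const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
const RESERVED = new Set([
  'break', 'case', 'catch', 'class', 'const', 'continue', 'debugger', 'default',
  'delete', 'do', 'else', 'enum', 'export', 'extends', 'false', 'finally', 'for',
  'function', 'if', 'import', 'in', 'instanceof', 'new', 'null', 'return',
  'super', 'switch', 'this', 'throw', 'true', 'try', 'typeof', 'var', 'void',
  'while', 'with', 'yield', 'let', 'static', 'await', 'implements', 'package',
  'protected', 'interface', 'private', 'public',
]);

// Reject anything that is not a single, non-reserved JavaScript identifier.
function assertIdentifier(name, what) {
  if (typeof name !== 'string' || !IDENTIFIER.test(name) || RESERVED.has(name)) {
    throw new TypeError(`invalid ${what} ${JSON.stringify(name)}: not a plain identifier`);
  }
}

// Compile `source` (where <%= expr %> interpolates) into a render function
// whose single parameter is named options.variable and whose scope contains
// options.imports. The template text itself is treated as trusted here.
// `validateNames` is an illustration-only knob (not a lodash option) so the
// unguarded sink can be shown; it defaults to true.
function compileTemplate(source, options = {}) {
  const variable = options.variable || 'obj';
  const imports = Object.assign(Object.create(null), options.imports);
  const importNames = Object.keys(imports);
  const validateNames = options.validateNames !== false;

  if (validateNames) {
    // Hardened path: one check covers BOTH names that reach the sink.
    assertIdentifier(variable, 'variable');
    for (const n of importNames) assertIdentifier(n, 'imports key');
  }

  // Build the render body; literal text is emitted as JSON string literals.
  let body = "let __out = '';\n";
  let last = 0;
  const re = /<%=([\s\S]+?)%>/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    body += '__out += ' + JSON.stringify(source.slice(last, m.index)) + ';\n';
    body += '__out += (' + m[1].trim() + ');\n';
    last = re.lastIndex;
  }
  body += '__out += ' + JSON.stringify(source.slice(last)) + ';\nreturn __out;';

  // The sink: import names become the outer parameter list and `variable`
  // is spliced verbatim into the inner function's source.
  const factory = Function(
    importNames.join(', '),
    'return function (' + variable + ') {\n' + body + '\n};'
  );
  return factory(...importNames.map((n) => imports[n]));
}

// Constructed sample: a legitimate template with one import and a custom
// variable name.
function renderExample() {
  const greet = compileTemplate('Hello <%= upper(user.name) %>!', {
    variable: 'user',
    imports: { upper: (s) => s.toUpperCase() },
  });
  return greet({ name: 'ada' });
}

// True when the guard throws a TypeError for the given options, i.e. the
// hostile name never reached the Function constructor.
function guardRejects(options) {
  try {
    compileTemplate('x', options);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

console.log(renderExample());
```

The point of the guard is where it sits: both names are checked once, before any string concatenation, so the check cannot be forgotten on one path while being present on the other. With `validateNames: false` a `variable` value such as `obj) { ... }; return function (o` closes the generated function early and runs its own body, which is the shape of flaw the advisory attributes to CVE-2021-23337; the identifier test refuses it, and refuses the same shape when it arrives as an `imports` key.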