Lucene search
K

123708 matches found

NVD
NVD
added 1 hour ago3 views

CVE-2026-56783

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS
Exploits0References5
CVE
CVE
added 6 hours ago8 views

CVE-2026-56457

The CVE concerns HCL DevOps Deploy / HCL Launch with a vulnerability that allows exposure of sensitive information via output logs. The description notes that an attacker with access to the logs could potentially obtain sensitive values associated with a step. The Connected CVE lists confirm the ...

4.3CVSS5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 7 hours ago7 views

Important: Red Hat Security Advisory: python3.12-urllib3 security update

An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.9CVSS5.8AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 7 hours ago4 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 9 hours ago4 views

CVE-2026-53322

A flaw was found in the Linux kernel's vfio/pci subsystem. During device shutdown, an improper order of operations in cleaning up Direct Memory Access Buffers DMABUFs before disabling the function creates a brief window. In this window, a device's Base Address Registers BARs could still be access...

8.8CVSS5.7AI score0.00112EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 9 hours ago6 views

gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00369EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 9 hours ago10 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00776EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 9 hours ago5 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00668EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 11 hours ago3 views

CVE-2026-13595

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS5.7AI score
Exploits0References4
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-40053

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS5.7AI score
Exploits0References3
CVE
CVE
added 11 hours ago9 views

CVE-2026-13595

CVE-2026-13595 affects libblkid in util-linux. During nested partition probing, BSD/Minix/Solaris x86/UnixWare probers cache a parent partition pointer in a dynamically allocated array; on reallocation, the pointer becomes stale, causing a heap use-after-free read. An attacker with access to a cr...

6.8CVSS5.7AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 12 hours ago3 views

CVE-2026-41696

A flaw was found in Spring Data MongoDB. Repository query methods that use regular expression regex parameter binding perform insufficient validation of the bound parameter. A remote attacker can exploit this by supplying a crafted string, which could lead to breaking out of the intended regular...

5.9CVSS5.8AI score0.00262EPSS
Exploits0References4
Nuclei
Nuclei
added 14 hours ago12 views

Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...

6.9CVSS5.8AI score0.00711EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago15 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS5.8AI score0.01379EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago11 views

Dgraph <= 25.3.2 - Admin Token Disclosure

Dgraph = 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint , which publishes the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit...

9.8CVSS5.8AI score0.02187EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago18 views

Apache OFBiz - XML External Entity Injection

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

7.5CVSS7.1AI score0.1591EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago10 views

Astro - Information Disclosure

Astro versions v5.0.3 through v5.0.7 and Astro v4.16.17 or older with sourcemaps enabled contain a source code disclosure caused by sourcemap files being publicly accessible in the build output folder, letting unauthenticated users read server source code, exploit requires sourcemaps to be enable...

7.8CVSS5.8AI score0.01465EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago21 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.6AI score0.03643EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago21 views

WordPress Events Calendar 6.8.2.1 - Information Disclosure

The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication. id: CVE-2024-5333 info: name: WordPress Events Calendar 6.8.2.1 - Information Disclosu...

5.3CVSS7.3AI score0.01071EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago15 views

Open WebUI < 0.9.5 - Information Disclosure

Open WebUI 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization, exploit requires no authentication. id: CVE-2026-45397 info: name: Open...

5.3CVSS5.8AI score0.0072EPSS
Exploits1References3
Rows per page
Query Builder