Lucene search
K

9238 matches found

Nuclei
Nuclei
added 18 hours ago18 views

Datart v1.0.0-rc.3 - Remote Code Execution

Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters. id: CVE-2025-56819 info: name: Datart v1.0.0-rc.3 - Remote Code Execution author: Redmomn severity: critical description: | Datart v1.0.0-rc.3 contains a vulnerabilit...

9.8CVSS6.4AI score0.03008EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-55206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS0.00429EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-55605 @arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS0.00429EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS5.9AI score0.00429EPSS
Exploits0References4Affected Software1
NVD
NVD
added 5 days ago9 views

CVE-2026-55761

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS0.00272EPSS
Exploits1References6
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-55761 Portainer: Unauthenticated Restore Endpoint Allows Admin Takeover on Uninitialised Portainer Instances

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS0.00272EPSS
Exploits1References6
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42297

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS5.9AI score0.00272EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 6 days ago7 views

kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...

7.8CVSS6.1AI score0.00139EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago46 views

CVE-2026-14969 389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS0.00077EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42052

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References3
NVD
NVD
added 6 days ago11 views

CVE-2026-10659

The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...

4.7CVSS0.00098EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 6 days ago3 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS6AI score0.00353EPSS
Exploits0References5
NVD
NVD
added 6 days ago12 views

CVE-2026-42200

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS0.00542EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2024-56141

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS0.00111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56200

Name of the Vulnerable Software and Affected Versions 389-ds-base affected versions not specified Description A flaw exists in the LDBM backend attribute encryption where a hardcoded static initialization vector is used for AES-CBC and 3DES-CBC operations. This allows an attacker with privileged...

4.4CVSS6.1AI score0.00077EPSS
Exploits0References7
CVE
CVE
added 2026/07/06 11:17 p.m.15 views

CVE-2024-56141

Minosoft’s open-source Minecraft Java Edition client (Kotlin) uses AES with an IV equal to the secret key in CryptManager.kt since commit f1ae30e2. The non-random IV makes encryption vulnerable to chosen-ciphertext/plaintext attacks, enabling an attacker who can request specific encryptions to re...

5CVSS6AI score0.00111EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2026-21383

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security...

7.1CVSS0.00069EPSS
Exploits0References1
Rows per page
Query Builder