Lucene search
K

2059 matches found

Snyk
Snyk
added last week5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 9:54 p.m.7 views

EUVD-2026-25038

cut: -s ignored in -z -d '' newline-delimiter mode...

3.3CVSS5.9AI score0.00182EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/07/03 6:48 a.m.8 views

CVE-2026-54891

A flaw was found in Erlang's SSL Secure Sockets Layer component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS Transport Layer Security handshake. The client application may then process this injected data as if it wer...

6.3CVSS5.9AI score0.00135EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/02 3:45 p.m.8 views

CVE-2026-55700

A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...

7.1CVSS6AI score0.00267EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/30 4:32 p.m.8 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.10 views

CVE-2026-47155

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. The revision pinning controls in vLLM do not consistently apply to all artifacts loaded for a model. This allows a deployment configured with specific revisions to still load dynamic code or other...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/26 10:39 p.m.8 views

CVE-2026-48934

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

4.3CVSS5.6AI score0.00258EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:53 p.m.7 views

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS5.9AI score0.00114EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 5:17 p.m.9 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS0.00267EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 4:17 p.m.5 views

EUVD-2026-39474

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in grub2

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory use-after-free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

4.9CVSS5.3AI score0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 8:16 a.m.7 views

CVE-2026-10521

An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...

8.6CVSS0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51093

Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.13.0 Description The functions ujson.dumps, ujson.dump, and ujson.encode contain an issue when the reject bytes variable is set to False. In this configuration, the software may accept malformed or truncated UTF-8...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37645

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 11:10 a.m.16 views

CVE-2026-10836

The CVE-2026-10836 entry concerns a vulnerability in Password Manager where improper neutralization of HTTP headers allows an attacker to manipulate the Host header via crafted requests. This can lead to generation of manipulated links or responses and potentially cause limited information disclo...

5.1CVSS5.3AI score0.00308EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.12 views

openssl: AES-OCB IV Ignored on EVP_Cipher() Path

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

7.5CVSS5.5AI score0.0032EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 11:53 a.m.8 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 11:16 p.m.9 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 3:16 p.m.13 views

CVE-2026-53469

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1CVSS0.00288EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:55 p.m.10 views

EUVD-2026-36028

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1CVSS5.5AI score0.00288EPSS
Exploits0References3
Rows per page
Query Builder