25357 matches found

OSV
added 2026/05/23 1:8 p.m. | 8 views

MAL-2026-4598 Malicious code in lhisp-logger (npm)

Source: amazon-inspector a9ba8f52d22e4435a81a1ffe643e4bb25b0e64fff60c585cac35c164e4ccb24f. The package is published as a generic logging library but configures a pino-loki transport whose destination defaults to...

AI score 5.8
Exploits 0 | References 1
CNNVD
added 2026/05/23 12:0 a.m. | 9 views

UserSpice cross-site scripting vulnerability

UserSpice is an open-source PHP framework for user management and identity authentication developed by UserSpice. Version 4.3.24 of UserSpice contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious scripts through the X-Forwarded-For HTTP header,...

CVSS 6.1 | AI score 5.8 | EPSS 0.00155
Exploits 0 | References 2
ATTACKERKB
added 2026/05/22 4:0 p.m. | 6 views

CVE-2026-28444

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

CVSS 6.5 | AI score 5.9 | EPSS 0.00316
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/05/22 1:15 p.m. | 10 views

EUVD-2026-31438

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 1
Cvelist
added 2026/05/22 1:15 p.m. | 28 views

CVE-2026-8671 Log Files contain encrypted secrets

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

CVSS 7.5 | EPSS 0.00216
Exploits 0 | References 1
ATTACKERKB
added 2026/05/22 1:15 p.m. | 5 views

CVE-2026-8671

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 2
CVE
added 2026/05/22 1:15 p.m. | 18 views

CVE-2026-8671

CVE-2026-8671: The connected records describe an issue in Syslink Software AG Avantra for Linux and Windows where sensitive information can be inserted into log files, resulting in a resource leak exposure. Affected scope is Avantra older than 25.3.0. The CVSS 3.1 metrics indicate an adjacent at...

CVSS 7.5 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/05/22 1:15 p.m. | 9 views

CVE-2026-8671 Log Files contain encrypted secrets

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 1
NVD
added 2026/05/22 8:16 a.m. | 14 views

CVE-2026-5072

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent...

CVSS 6.5 | EPSS 0.00187
Exploits 0 | References 1
RedhatCVE
added 2026/05/22 7:57 a.m. | 14 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output,...

CVSS 10 | AI score 5.8 | EPSS 0.18914
Exploits 1 | References 1
Cvelist
added 2026/05/22 7:0 a.m. | 35 views

CVE-2026-5072 ptp: Potential Denial of Service via PTP Interval Shift

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent...

EPSS 0.00187
Exploits 0 | References 1
Vulnrichment
added 2026/05/22 7:0 a.m. | 8 views

CVE-2026-5072 ptp: Potential Denial of Service via PTP Interval Shift

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent...

AI score 5.9 | EPSS 0.00187
Exploits 0 | References 1
EUVD
added 2026/05/22 7:0 a.m. | 16 views

EUVD-2026-31413

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent...

CVSS 6.5 | AI score 5.9 | EPSS 0.00187
Exploits 0 | References 1
CVE
added 2026/05/22 7:0 a.m. | 20 views

CVE-2026-5072

CVE-2026-5072 affects Zephyr’s PTP subsystem. A remote attacker can send a crafted PTP_MSG_MANAGEMENT to set an unvalidated negative log_announce_interval in a port’s data set. When a subsequent PTP_MSG_ANNOUNCE is processed, port_timer_set_timeout_random computes timeout as NSEC_PER_SEC >>...

CVSS 6.5 | AI score 5.9 | EPSS 0.00187
Exploits 0 | References 1
Packet Storm News
added 2026/05/22 12:0 a.m. | 22 views

Attested Tool-Server Admission: A Security Extension to the Model Context Protocol

The Model Context Protocol (MCP) standardizes how a large-language-model (LLM) agent and an external tool server exchange messages, but not trust: a host reads a server's self-declared tool list and dispatches calls, with no notion of which servers it may use, at what sensitivity, or which of a...

AI score 5.8
Exploits 0
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

Avantra security vulnerability

Avantra is a SAP software developed by the Avantra company. Versions of Avantra prior to 25.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the insertion of sensitive information into log files, which could lead to resource leaks...

CVSS 7.5 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 1
CNNVD
added 2026/05/22 12:0 a.m. | 11 views

Zephyr security vulnerability

Zephyr is an open-source, scalable real-time operating system (RTOS) developed by Zephyr. There is a security vulnerability in Zephyr, caused by a bit offset issue. A remote attacker can set an unvalidated negative value of log_announce_interval by sending a specially crafted PTP_MSG_MANAGEMENT message...

CVSS 6.5 | AI score 5.8 | EPSS 0.00187
Exploits 0 | References 2
Positive Technologies
added 2026/05/22 12:0 a.m. | 10 views

PT-2026-42762

Name of the Vulnerable Software and Affected Versions: Avantra versions prior to 25.3.0. Description: An issue in syslink software AG Avantra on Linux and Windows allows the insertion of sensitive information into log files, leading to Resource Leak Exposure, which occurs when a system fails to...

CVSS 7.5 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 3
Positive Technologies
added 2026/05/22 12:0 a.m. | 12 views

PT-2026-42731

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PT...

AI score 5.9 | EPSS 0.00187
Exploits 0 | References 2
Tenable Nessus
added 2026/05/22 12:0 a.m. | 11 views

Unity Linux 20.1070e Security Update: wildfly-build-tools (UTSA-2026-016705)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016705 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

CVSS 5.9 | AI score 7 | EPSS 0.99999
Exploits 20 | References 4