Lucene search
K

70 matches found

RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-9165

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS5.9AI score0.00319EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 4:21 p.m.16 views

CVE-2026-8864

The CVE-2026-8864 entry concerns the HP Fan Control App, where local escalation of privileges is possible. The vulnerability is supported by multiple sources noting that an updated HP Fan Control App version has been released to mitigate the issue. Documented metrics indicate a local attack vecto...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 4:21 p.m.6 views

CVE-2026-8864

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 5:17 p.m.5 views

CVE-2026-54906

A flaw was found in concurrent-ruby, a Ruby library for managing concurrent operations. The Concurrent::ReadWriteLock component contains a synchronization issue where write locks can be released by unauthorized threads. This could allow multiple threads to write concurrently, potentially leading ...

9.8CVSS5.7AI score0.0016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/17 3:11 p.m.10 views

CVE-2026-48776

A flaw was found in the LangGraph Python SDK. This vulnerability allows a remote attacker with low privileges to manipulate URL paths by providing unsanitized input. This could result in unintended access, modification, or deletion of resources, potentially compromising data confidentiality and...

9.1CVSS5.3AI score0.00216EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-22563

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play PowerA...

9.8CVSS5.5AI score0.01051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 6:49 p.m.11 views

CVE-2026-23479

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

8.8CVSS5.9AI score0.01286EPSS
Exploits4References5
Ubuntu
Ubuntu
added 2026/04/30 3:55 p.m.14 views

USN-8226-1: kmod update

It was discovered that the Linux kernel algifaead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algifaead module as a measure to mitigate the issue until kernel updates are made available. See the...

7.8CVSS6.1AI score0.96267EPSS
Exploits229References1
RedhatCVE
RedhatCVE
added 2026/04/15 4:20 p.m.4 views

CVE-2026-2332

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.7AI score0.01127EPSS
Exploits1References5
NVD
NVD
added 2026/04/15 3:16 p.m.3 views

CVE-2026-4667

HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability...

7.3CVSS0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 9:28 p.m.6 views

CVE-2026-22563

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

9.8CVSS5.8AI score0.01051EPSS
Exploits0References2
CVE
CVE
added 2026/04/13 9:28 p.m.17 views

CVE-2026-22564

CVE-2026-22564 describes an 00 improper access control vulnerability in UniFi Play components. The affected products are UniFi Play PowerAmp (<= 1.0.35) and UniFi Play Audio Port (

9.8CVSS5.8AI score0.0042EPSS
Exploits0References1
CVE
CVE
added 2026/03/24 7:5 p.m.55 views

CVE-2026-22559

CVE-2026-22559 concerns an improper input validation in UniFi Network Server (affected: 10.1.85 and earlier) that may allow unauthorized account access if the account owner is socially engineered into clicking a malicious link. Impact is high (C, I, A: High) with network access, user interaction ...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 7:5 p.m.27 views

CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

8.8CVSS0.00358EPSS
Exploits0References1
Hewlett-Packard
Hewlett-Packard
added 2026/03/13 12:0 a.m.16 views

HP Hotkey UWP Service – Escalation of Privilege

A potential security vulnerability has been identified in the HP Hotkey UWP Service, which might allow escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. HP has identified affected...

5.7AI score
Exploits0Affected Software195
RedhatCVE
RedhatCVE
added 2026/03/09 4:53 p.m.4 views

CVE-2026-29786

A flaw was found in node-tar. A hardlink that points outside the extraction directory can be created by using a drive-relative link target such as C:../target.txt, allowing a file overwrite outside the current working directory during normal tar.x extraction. Mitigation Red Hat has investigated...

8.6CVSS5.7AI score0.00408EPSS
Exploits2References5
NVD
NVD
added 2026/02/24 8:27 p.m.2 views

CVE-2026-3105

SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...

8.8CVSS0.00289EPSS
Exploits0References1
Intel
Intel
added 2026/02/10 12:0 a.m.8 views

AI Playground Software Advisory

Summary: A potential security vulnerability for some AI Playground software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-32452 Description: Uncontrolled search path for some AI Playground...

6.7CVSS5.3AI score0.0009EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/26 6:5 p.m.5 views

CVE-2025-68939

A flaw was found in Gitea. An attacker can exploit this issue by editing an attachment name via the attachment API, allowing attachments with forbidden file extensions to be added, bypassing security controls and potentially resulting in unauthorized data modification or execution of malicious...

8.2CVSS6.4AI score0.00295EPSS
Exploits0References6
OSV
OSV
added 2025/12/15 10:0 p.m.7 views

GHSA-VR6P-VQ2P-6J74 Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions

Withdrawn Advisory This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...

10CVSS7AI score0.99562EPSS
Exploits374References5
Rows per page
Query Builder