Lucene search
+L

19670 matches found

redhatcve
redhatcve
added 2026/07/01 7:43 p.m.7 views

CVE-2026-13500

A flaw was found in ANTLR4. A remote attacker could exploit a weakness within the Grammar Action Block Handler component by executing a manipulation. This vulnerability allows for code injection, which can lead to the execution of arbitrary code on the affected system. Mitigation Mitigation for...

7.5CVSS7.4AI score0.00311EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/07/01 3:46 p.m.19 views

CVE-2026-41001

A flaw was found in Spring Boot. The ArtemisEmbeddedConfigurationFactory component uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can exploit this by pre-creating this predictable directory ...

5.3CVSS5.6AI score0.00094EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/07/01 2:9 p.m.7 views

CVE-2026-14324

RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return. Mitigation If AirPlay streaming is not required, unload or disable the module-raop-discover and module-raop-sink PipeWire modules...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/07/01 4:12 a.m.7 views

CVE-2026-13484

A flaw was found in MLflow. This vulnerability, located in the Experiment-scoped Label Schema CRUD API, allows a remote attacker to exploit missing authorization. This could lead to unauthorized access or manipulation of data within the affected component. The attack has a high complexity, making...

8.8CVSS5.8AI score0.00263EPSS
Exploits1References10
redhatcve
redhatcve
added 2026/06/30 10:29 p.m.9 views

CVE-2026-50193

A flaw was found in jackson-databind, a general-purpose data-binding library for Jackson Data Processor. A remote attacker can exploit this vulnerability by sending deeply nested JSON JavaScript Object Notation data to a service that reads and processes it. This can lead to a Denial of Service Do...

7.5CVSS5.7AI score0.00616EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/06/30 9:36 p.m.19 views

CVE-2026-54516

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...

5.3CVSS5.7AI score0.00282EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/06/30 9:32 p.m.18 views

CVE-2026-54517

A flaw was found in jackson-databind. A remote attacker can exploit this vulnerability due to an issue in how active-view @JsonView filters are applied. Specifically, setterless collections annotated with a restricted @JsonView can be populated from attacker-controlled JSON even when the active...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/06/30 9:32 p.m.19 views

CVE-2026-54518

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security view restrictions by sending specially crafted JSON JavaScript Object Notation data. The UnwrappedPropertyHandler component, which processes unwrapped properties, incorrectly populates constructor...

6.5CVSS5.7AI score0.00211EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/06/30 9:22 p.m.18 views

CVE-2026-54512

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...

8.1CVSS5.9AI score0.00617EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/06/30 8:50 p.m.21 views

CVE-2026-54515

A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...

5.3CVSS5.6AI score0.00345EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/30 8:15 p.m.8 views

CVE-2026-13455

A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...

4.3CVSS5.6AI score0.00118EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/30 8:0 p.m.8 views

CVE-2026-13573

A flaw was found in llvm. A local attacker could exploit a stack-based buffer overflow vulnerability in the llvm::StringMap::insert function. This manipulation could lead to a denial of service, making the affected system or application unavailable. Mitigation Mitigation for this issue is either...

4.8CVSS5.9AI score0.00124EPSS
Exploits0References10
redhatcve
redhatcve
added 2026/06/30 6:50 p.m.10 views

CVE-2026-54475

A flaw was found in Apache ActiveMQ. Temporary destinations, which are designed to be private to a specific connection, can be accessed by other connections due to a missing authorization check. This allows an unauthorized connection to consume messages from another connection's temporary...

8.2CVSS5.6AI score0.00589EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/30 6:19 p.m.9 views

CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References4
nvd
nvd
added 2026/06/30 5:16 p.m.7 views

CVE-2026-8864

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability...

7.3CVSS0.00108EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 4:21 p.m.8 views

EUVD-2026-40368

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/30 4:21 p.m.7 views

CVE-2026-8864

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References2
cve
cve
added 2026/06/30 4:21 p.m.18 views

CVE-2026-8864

The CVE-2026-8864 entry concerns the HP Fan Control App, where local escalation of privileges is possible. The vulnerability is supported by multiple sources noting that an updated HP Fan Control App version has been released to mitigate the issue. Documented metrics indicate a local attack vecto...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/30 2:51 p.m.7 views

CVE-2026-13149

A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the expand function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-lo...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References5
redhat
redhat
added 2026/06/30 10:34 a.m.5 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1CVSS5.7AI score0.00251EPSS
Exploits0References6
Rows per page
Query Builder