Lucene search
+L

538 matches found

EUVD
EUVD
added 2026/04/10 12:30 a.m.4 views

EUVD-2026-21193

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 9:33 p.m.3 views

CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS5.7AI score0.00264EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.9 views

Juniper Junos OS Vulnerability (JSA107822)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107822 advisory. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...

8.8CVSS6.2AI score0.01299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/06 3:16 p.m.42 views

CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

8.2CVSS0.0047EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/04/06 3:16 p.m.8 views

CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

8.2CVSS6.3AI score0.0047EPSS
Exploits0References28
EUVD
EUVD
added 2026/04/02 6:31 p.m.5 views

EUVD-2025-209190

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 5:16 p.m.4 views

DEBIAN-CVE-2025-58136

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS7.6AI score0.00673EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/02 3:55 p.m.18 views

CVE-2025-65114 Apache Traffic Server: Malformed chunked message body allows request smuggling

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

0.00428EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

Apache Traffic Server 安全漏洞

Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. There are security vulnerabilities in Apache Traffic Server versions 9.2.12 and earlier, as well as 10.1.1 and earlier versions. These vulnerabilities stem from an error ...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

Apache Traffic Server 安全漏洞

Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. Versions of Apache Traffic Server 10.1.1 and earlier, as well as 9.2.12 and earlier versions, have security vulnerabilities. These vulnerabilities stem from defects in PO...

7.5CVSS7.4AI score0.00673EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/01 4:28 p.m.8 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6.5AI score0.00591EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

pypdf 安全漏洞

pypdf is an open-source, free, and pure Python PDF library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages of PDF files. Prior to version 6.9.2, pypdf had a security vulnerability that could be exploited by attackers to create PDF files that led to infinite...

8.2CVSS5.8AI score0.00455EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 11:58 p.m.8 views

CVE-2026-33699 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...

8.2CVSS5.8AI score0.00455EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.6 views

CVE-2026-32523

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...

9.9CVSS5.8AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:1 p.m.7 views

CVE-2026-23635

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.7 views

CVE-2026-24750

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

7.6CVSS5.8AI score0.00236EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/25 8:5 p.m.12 views

pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. Patches This has been fixed in pypdf==6.9.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3693...

8.2CVSS5.7AI score0.00455EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/25 5:17 p.m.11 views

CVE-2026-32523

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...

9.9CVSS0.00319EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.8 views

CVE-2026-23635

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

6.5CVSS0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:57 p.m.24 views

CVE-2026-23635

Kiteworks Secure Data Forms (PDN) has a vulnerability affecting versions prior to 9.2.1 due to a misconfiguration of security attributes that could lead to Unprotected Transport of Credentials. The issue is documented across CVE-2026-23635 with a CVSSv3.1 base score of 6.5 (Network, High attack v...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder