Lucene search
K

11988 matches found

OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:50 p.m.24 views

CVE-2026-56413 OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains a command injection vulnerability in the msservice.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a...

10CVSS0.03081EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 8:50 p.m.18 views

CVE-2026-11594

CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...

8.5CVSS5.6AI score0.00337EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 8:50 p.m.5 views

EUVD-2026-40411

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...

8.5CVSS5.6AI score0.00337EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:50 p.m.13 views

CVE-2026-11595

CVE-2026-11595 affects IBM WebSphere Application Server 9.0 and 8.5. The IBM Security Bulletin describes a path traversal vulnerability in the administrative console’s integrated help system that could allow a remote attacker to obtain sensitive information. Affected products/versions include Web...

7.5CVSS5.8AI score0.00474EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 7:47 p.m.7 views

EUVD-2026-40397

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:45 p.m.37 views

CVE-2026-11712 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:45 p.m.5 views

EUVD-2026-40396

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/30 5:26 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the POST /api/n9e/datasource/list route, which lacks proper authorization checks. An attacker can obtain sensitive credentials, such as database passwords, HTTP bearer tokens, and mTLS client keys, by sending...

7.1CVSS6AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 1:30 p.m.4 views

MINI-XMC8-9VW6-M68H

Bulletin has no description...

5.3CVSS5.9AI score0.00232EPSS
Exploits0
Patchstack
Patchstack
added 2026/06/30 1:28 p.m.4 views

WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme LMS versions = 9.7...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/30 10:47 a.m.3 views

RHSA-2026:28051 Red Hat Security Advisory: .NET 9.0 security update

Bulletin has no description...

7.5CVSS7AI score0.0243EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/06/30 6:0 a.m.6 views

CVE-2026-11589 WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

5.6AI score0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 5:34 a.m.25 views

CVE-2026-12073

CVE-2026-12073 affects the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress (versions ≤ 5.9.9.5). The root cause is the plugin not validating a user_login on some registration forms and mishandling errors, enabling unauthenticated attackers to overwrite the email of the ad...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 12:25 a.m.10 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6AI score0.00298EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

RHEL 9 : ruby (RHSA-2026:33512)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33512 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.4 views

Oracle Linux 9 : git-lfs (ELSA-2026-30854)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-30854 advisory. - Fix CVE-2026-39821: vendored golang.org/x/net/idna ToUnicode incorrectly accepting all-ASCII xn-- labels Tenable has extracted the preceding description bloc...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.12 views

Oracle Linux 9 : firefox (ELSA-2026-20574)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20574 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...

9.8CVSS7.2AI score0.00446EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 10:56 p.m.7 views

Moderate: Red Hat Security Advisory: glibc security, bug fix, and enhancement update

An update for glibc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS5.9AI score0.00451EPSS
Exploits1References2
Rows per page
Query Builder