Lucene search
K

59 matches found

NVD
NVD
added yesterday7 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-55420

Discourse (open-source platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, in some non-default configurations, allowed processing of PDF uploads to lead to remote code execution on the server. The root cause is tied to how PDFs are processed under specific configurations, enab...

7.5CVSS5.9AI score
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in OpenSSH

In OpenSSH 6.2 through 8.x, prior to version 8.8, when certain non-default configurations were used, privilege escalation could occur because supplementary groups were not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand might run with privileges...

7CVSS7.3AI score0.02367EPSS
Exploits2References2
EUVD
EUVD
added 2026/04/28 4:53 a.m.6 views

EUVD-2026-25982

OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has a console interface...

6.6CVSS5.5AI score0.0057EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/28 4:53 a.m.5 views

CVE-2026-42510

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface...

7.2CVSS5.5AI score0.0057EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.13 views

Sage DPW 安全漏洞

Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202506004 contains security vulnerabilities. These vulnerabilities stem from non-default configurations that allow unverified access to diagnostic endpoints, potentially exposing sensitive information suc...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/25 12:0 a.m.5 views

CVE-2025-66443

Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service...

7.5CVSS6.4AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0719

Malware in sbrugna...

4.7CVSS6.5AI score0.01189EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29071

Malicious code in bioql PyPI...

7.2CVSS6.8AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 2025/09/19 1:13 p.m.5 views

OESA-2025-2320 rubygem-fluentd security update

Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Security Fixes: Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A...

9.8CVSS8.8AI score0.44708EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/12 5:16 p.m.11 views

CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...

7.2CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/12 5:16 p.m.3 views

CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...

7.2CVSS6.5AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 2025/09/12 5:16 p.m.60 views

CVE-2025-4235

The CVE-2025-4235 entry describes an information-exposure vulnerability in Palo Alto Networks’ User-ID Credential Agent (Windows). Under specific non-default configurations, the service account password can be exposed, enabling an unprivileged Domain User to escalate privileges by abusing the acc...

7.2CVSS6.5AI score0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/05 4:54 p.m.7 views

CVE-2025-1992 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage...

5.3CVSS6AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2025/05/05 4:54 p.m.75 views

CVE-2025-1992

CVE-2025-1992 concerns IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) in federation deployments. The issue is a denial-of-service caused by insufficient release of memory after usage, affecting Db2 versions 11.5.0–11.5.9 and 12.1.0–12.1.1 when authenticated users operate in fe...

6.5CVSS6AI score0.00315EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/05/05 4:54 p.m.19 views

CVE-2025-1992 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage...

5.3CVSS0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.7 views

IBM Db2 安全漏洞

IBM Db2 is a relational database management system from International Business Machines IBM. The system executes on UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 versions 11.5.9 and earlier and 12.1.1 and earlier, which stems from insufficient...

6.5CVSS6.2AI score0.00315EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/04/25 6:46 p.m.18 views

CVE-2025-43922

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM...

8.1CVSS6.9AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2025/04/21 4:15 p.m.35 views

CVE-2025-43922

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM...

8.1CVSS0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/21 12:0 a.m.5 views

FileWave Windows client 安全漏洞

FileWave Windows client is an end-to-end management software client from FileWave Switzerland. A security vulnerability exists in FileWave Windows client versions prior to 16.0.0, which stems from certain non-default configurations that could cause a local user to elevate privileges to SYSTEM...

8.1CVSS6.3AI score0.0012EPSS
Exploits0References1
Rows per page
Query Builder