Lucene search
K

244 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-54900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled,...

6.3CVSS6AI score0.00253EPSS
Exploits0References3
CVE
CVE
added last week37 views

CVE-2026-50195

Containerd CVE-2026-50195 affects CRI checkpoint import: unvalidated image references in a checkpoint config allow an attacker with pod-creation permissions to trigger pulling a malicious image and assign it a local tag, poisoning the node’s local image cache. Subsequent pods on the same node usi...

9.9CVSS6.1AI score0.00354EPSS
Exploits0References1Affected Software1
CVE
CVE
added last week13 views

CVE-2026-58025

CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. Affected are MediaWiki versions before 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The issue is linked to deserialization in files: includes/Import/WikiImporter.Php, includes/Import/Wik...

5.9CVSS5.8AI score0.00342EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-8857

CVE-2026-8857 concerns a vulnerability in the Wikimedia Foundation timeline extension EasyTimeline. Affected are timeline versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is linked to the extension’s files scripts/EasyTimeline.Pl and includes/Timeline.Php. The connected documents do ...

5.8AI score0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 10:21 a.m.10 views

EUVD-2026-36232

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...

3.1CVSS5.5AI score0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 8:16 p.m.31 views

CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS0.00263EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:5 p.m.6 views

CVE-2026-53436

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.14 views

EUVD-2026-35848

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS5.5AI score0.00153EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Splunk Enterprise 跨站脚本漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Both Splunk Cloud Platform and Splunk...

7.1CVSS5.8AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46099

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/22 9:10 p.m.14 views

EUVD-2026-31500

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...

4.6CVSS5.7AI score0.00166EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 4:16 p.m.18 views

CVE-2026-8488

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

7.5CVSS0.00364EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 2:6 p.m.38 views

CVE-2026-8485 Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

5.9CVSS0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 1:37 p.m.14 views

CLEANSTART-2026-MP82813 Security fixes for CVE-2026-33186, CVE-2026-39882, CVE-2026-39883, CVE-2026-40179, ghsa-mqqf-5wvp-8fh8 applied in versions: 1.21.0-r0, 1.21.0-r1

Multiple security vulnerabilities affect the cortex package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.8AI score0.01557EPSS
Exploits2References10
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:38 a.m.11 views

CVE-2025-14869

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

7.5CVSS5.8AI score0.00354EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

GitLab 15.7 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-6883)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-6883 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 8:16 p.m.15 views

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

phpseclib 资源管理错误漏洞

phpseclib is an open-source PHP security communication library developed by phpseclib. Versions prior to 1.0.29, 2.0.54, and 3.0.52 contained a resource management vulnerability. This vulnerability stemmed from an issue where bypassing CVE-2024-27355 was possible when loading untrusted ASN1 files...

7.5CVSS5.8AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 5:16 p.m.29 views

CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS0.00515EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.14 views

PT-2026-33843

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.1 Spinnaker versions prior to 2025.4.2 Spinnaker versions prior to 2025.3.2 Description Echo uses SPeL Spring Expression Language, a powerful expression language for the...

9.9CVSS5.9AI score0.00553EPSS
Exploits0References23
Rows per page
Query Builder