Lucene search
K

45 matches found

Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-14631 webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 5:16 p.m.14 views

CVE-2026-40571

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

5.3CVSS0.00235EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:36 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to path-traversal in golang os module [CVE-2026-27139]

Summary IBM Watson Speech Services Cartridge is vulnerable to path-traversal in golang os module, due to ability of a FileInfo action to reference a file outside of the Root in which the File was opened. CVE-2026-27139. Golang os module is used in our speech utilities. This vulnerabilitiy has bee...

2.5CVSS7.3AI score0.00201EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:34 p.m.17 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template [CVE-2026-27142]

Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template, due to a flaw which disables escaping of URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0 CVE-2026-27142. Golang Go html/template i...

6.1CVSS7.1AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:32 p.m.18 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse [CVE-2026-25679]

Summary IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse, which may cause acceptance of some invalid URLs CVE-2026-25679. url.Parse is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation below...

7.5CVSS7.1AI score0.00728EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:16 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK [CVE-2026-33236]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK Natural Language Toolkit, caused by a NLTK downloader that does not validate the subdir and id attributes when processing remote XML index files CVE-2026-33236. NLTK is used in our speech runtimes. This...

8.1CVSS7.3AI score0.00487EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:7 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX [GHSA-q56x-g2fj-4rj6]

Summary IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX, due to multiple issues in the saveexternaldata method which introduce an arbitrary file read/write on any system GHSA-q56x-g2fj-4rj6. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:56 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...

9.1CVSS5.6AI score0.00318EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.17 views

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 (RHSA-2026:19573)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19573 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

8.8CVSS6.2AI score0.93235EPSS
Exploits31References4
OSV
OSV
added 2026/05/18 11:10 a.m.4 views

SUSE-SU-2026:21777-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

8.8CVSS6.1AI score0.93235EPSS
Exploits31References3
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.9 views

SUSE SLES15 Security Update : kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1710-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1710-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: -...

7.8CVSS7.1AI score0.96267EPSS
Exploits228References16
OSV
OSV
added 2026/05/05 5:18 p.m.4 views

SUSE-SU-2026:21519-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: - CVE-2026-23004: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist bsc1258655. - CVE-2026-23204: net/sched: clsu32: use skbheaderpointercareful...

7.8CVSS6.1AI score0.96267EPSS
Exploits228References11
OSV
OSV
added 2026/04/22 5:0 p.m.3 views

SUSE-SU-2026:21293-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...

7.8CVSS5.6AI score0.0015EPSS
Exploits0References5
OSV
OSV
added 2026/04/22 4:44 p.m.6 views

SUSE-SU-2026:21305-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...

7.8CVSS5.6AI score0.0015EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/21 11:32 p.m.8 views

EUVD-2026-24567

Craft CMS is a content management system CMS. In versions 5.6.0 through 5.9.14, the actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no...

5.3CVSS5.9AI score0.00248EPSS
Exploits0References2
OSV
OSV
added 2026/04/12 12:8 a.m.2 views

SUSE-SU-2026:1278-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

7.8CVSS6.7AI score0.00344EPSS
Exploits7References17
OSV
OSV
added 2026/04/09 8:48 a.m.6 views

SUSE-SU-2026:21004-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc bsc1258051. - CVE-2026-23111: netfilter: nftables: fix inverted genmask check i...

7.8CVSS5.8AI score0.00344EPSS
Exploits7References7
Vulnrichment
Vulnrichment
added 2026/04/07 6:20 p.m.3 views

CVE-2026-39347 OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...

5.1CVSS5.9AI score0.00172EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.3 views

SUSE SLES15 Security Update : kernel RT (Live Patch 5 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1185-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1185-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.19 fixes various security issues The following security issues were fixed: -...

7.8CVSS6.8AI score0.00344EPSS
Exploits7References25
CVE
CVE
added 2026/03/24 5:22 p.m.18 views

CVE-2026-33157

Craft CMS 5.x (5.6.0–5.9.12) is vulnerable to authenticated Remote Code Execution via malicious attached behavior, due to un sanitized fieldLayouts in ElementIndexesController::actionFilterHud() feeding FieldLayout::createFromConfig(). The bug chain bypasses a prior fix that cleansed inputs with ...

8.6CVSS5.8AI score0.0102EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder