Lucene search
K

2153 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.11 views

PT-2026-50702

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Node.js version 26 Description A flaw in the Permission Model enforcement allows a bypass through path misvalidation in the process.report.writeReport function. This issue can result in a confidentiality...

1.8CVSS5.8AI score0.00208EPSS
Exploits0References104
RedHat Linux
RedHat Linux
added 2026/06/17 5:39 a.m.5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.44 security and extras update

Red Hat OpenShift Container Platform release 4.18.44 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

9.1CVSS6.5AI score0.01557EPSS
Exploits1References2
OSV
OSV
added 2026/06/15 3:34 p.m.4 views

SUSE-SU-2026:2401-1 Security update for kubevirt-1.6

This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent...

9.9CVSS5.2AI score0.01557EPSS
Exploits3References15
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49596

Name of the Vulnerable Software and Affected Versions starlette versions prior to 1.3.1 Description The HTTP request path is not validated before being used to reconstruct request.url. When a path does not begin with /, such as @google.com, it is concatenated as scheme://hostpath. This shifts the...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References14
NVD
NVD
added 2026/06/13 7:16 a.m.18 views

CVE-2026-9062

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

3.4CVSS0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2026-36633

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS6.5AI score0.01254EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 8:21 p.m.9 views

EUVD-2026-36581

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal, bypassing the normal setSetting validation logic, including validatehomepage, which requires homepage...

5.1CVSS5.3AI score0.00377EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-49051

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS6.3AI score0.01254EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

RHEL 8 : flatpak (RHSA-2026:25381)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25381 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

10CVSS8.3AI score0.0168EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/11 7:28 p.m.6 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.6AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/11 7:28 p.m.9 views

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

10CVSS7.9AI score0.0168EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.5CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 6:47 p.m.26 views

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 6:47 p.m.7 views

EUVD-2025-210120

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.5CVSS5.4AI score0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.8 views

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.4AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 6:47 p.m.16 views

CVE-2025-24268

The CVE-2025-24268 issue is tied to macOS Sequoia: a parsing problem in the handling of directory paths allowed an application to access sensitive user data. Root cause: inadequate path validation. Affected versions are prior to macOS Sequoia 15.4; the fix is implemented in Sequoia 15.4. Practica...

5.5CVSS5.5AI score0.0014EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/11 6:16 p.m.11 views

CVE-2026-47157

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS0.00195EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 5:18 p.m.12 views

EUVD-2026-36272

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 11:16 p.m.6 views

DEBIAN-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 11:16 p.m.5 views

UBUNTU-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References4
Rows per page
Query Builder