Lucene search
K

851 matches found

Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38281

Name of the Vulnerable Software and Affected Versions azureauthextension versions 0.124.0 through 0.150.0 Description A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...

8.1CVSS5.8AI score0.00222EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 3 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1420 advisory. - xstream: Injecting highly recursive collections or maps can cause a DoS CVE-2021-43859 - workflow-cps: OS command execution throug...

8.8CVSS7.3AI score0.07934EPSS
Exploits1References29
Github Security Blog
Github Security Blog
added 2026/05/05 7:53 p.m.10 views

exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

8.2CVSS6.4AI score0.00485EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in th...

8.4CVSS5.8AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

Mobatek MobaXterm 安全漏洞

Mobatek MobaXterm is a terminal software developed by the French company Mobatek. It integrates an enhanced terminal, X servers, and Unix command sets GNU/Cygwin. The Mobatek MobaXterm Home Edition 26.1 and earlier versions have security vulnerabilities. These vulnerabilities stem from an unknown...

7.3CVSS7.1AI score0.0015EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/16 10:45 p.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:45 p.m.9 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/04/14 10:16 p.m.9 views

CVE-2026-34370

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

6.5CVSS0.00227EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 9:25 p.m.13 views

CVE-2026-34370

Chamilo LMS is affected in versions prior to 2.0.0-RC.3 by an IDOR in the Notebook module. An authenticated student can read another user’s private notes by altering notebook_id in the editnote action. The read path get_note_information() does not verify ownership, while write paths have ownershi...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 2:10 p.m.3 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

5.7CVSS5.8AI score0.00586EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:0 a.m.8 views

CVE-2025-65135

CVE-2025-65135 affects manikandan580 School-management-system 1.0. The issue is a time-based blind SQL injection in /studentms/admin/between-date-reprtsdetails.php exploitable via the fromdate POST parameter. According to the data, the vulnerability has CVSS v3.1: Critical (Base Score 9.8) with n...

9.8CVSS5.9AI score0.00285EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

ClearanceKit 安全漏洞

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.4-beta-1f46165 contained security vulnerabilities. These vulnerabilities stemmed from the endpoint security event handler only checking the source path for double-path...

6.8CVSS5.8AI score0.00115EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 12:10 p.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the logout handler in airflow-core/src/airflow/apifastapi/coreapi/routes/public/auth.py and the token validation path in airflow-core/src/airflow/apifastapi/auth/managers/baseauthmanager.py. An...

9.1CVSS5.8AI score0.00667EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/04/08 4:3 p.m.4 views

Security update for python-poetry

This update for python-poetry fixes the following issue: CVE-2026-34591: From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write bsc1261383. Patch Instructions: To install this SUSE upda...

7.1CVSS6AI score0.00468EPSS
Exploits1References4
CVE
CVE
added 2026/04/07 2:32 p.m.14 views

CVE-2026-35463

Pyload/pyload-ng (CVE-2026-35463) exposes a remote code execution path when the AntiVirus plugin’s executable path (avfile) and arguments are user-configurable. The ADMIN_ONLY_OPTIONS protection applies to core config but not to plugin config, allowing a non-admin user with SETTINGS permission to...

8.8CVSS6.2AI score0.00815EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2026/04/07 12:0 a.m.5 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/password/web/, and can be exploited by an attacker to inject malicious scri...

6.4CVSS5AI score0.00138EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/03 10:36 p.m.19 views

CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

6.5CVSS0.00511EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/02 6:20 p.m.5 views

Permissive Regular Expression

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

6.9CVSS5.9AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 9:16 p.m.7 views

EUVD-2026-17679

Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories...

6.3CVSS5.9AI score0.00292EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.17 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1507)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1507 advisory. Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attacke...

7.5CVSS7AI score0.00728EPSS
Exploits2References14
Rows per page
Query Builder