Lucene search
K

2320 matches found

Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.9 views

PT-2026-49061

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

4.3CVSS5.5AI score0.00056EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated reflective cross-site scripting vulnerability present in the server.log endpoint,...

6.1CVSS5.1AI score0.00324EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass...

9.8CVSS6.8AI score0.00902EPSS
Exploits1References2
CVE
CVE
added 2026/06/02 3:29 p.m.16 views

CVE-2026-34460

NamelessMC (Minecraft server website software) is affected in versions up to 2.2.4 where the OAuth callback handling does not validate the state parameter server‑side before exchanging the authorization code. This can let an attacker capture a valid OAuth callback URL for their own account and ca...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 3:19 p.m.18 views

CVE-2026-33398

NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.39 views

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

4.3CVSS0.00131EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.22 views

PT-2026-45801

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:34 a.m.12 views

EUVD-2026-33580

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

8.7CVSS5.8AI score0.00488EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/28 9:29 p.m.18 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.0 Release.

Red Hat OpenShift Dev Spaces 3.28.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.28 release is based on...

10CVSS7AI score0.0115EPSS
Exploits20References41
EUVD
EUVD
added 2026/05/28 8:17 p.m.11 views

EUVD-2026-33043

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.5CVSS5.8AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 2:24 p.m.11 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.15 views

OWASP FinBot CTF 0.2

FinBot is an Agentic AI security CTF platform from OWASP. Interact with AI agents, exploit real vulnerabilities, and learn to secure agentic systems. All from your browser...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.10 views

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

6.5CVSS6.5AI score0.01803EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:45 p.m.11 views

EUVD-2026-32575

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

4.3CVSS5.8AI score0.0035EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/27 3:38 p.m.40 views

CVE-2026-44329 free5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

10CVSS0.00331EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/27 3:38 p.m.12 views

EUVD-2026-32569

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

10CVSS5.8AI score0.00331EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/27 3:3 p.m.13 views

EUVD-2026-32548

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 1:47 p.m.10 views

EUVD-2024-55599

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

5.3CVSS5.8AI score0.00385EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.19 views

CVE-2026-42729

CVE-2026-42729 documents a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress PropertyHive plugin, specifically in versions &lt;= 2.2.2. The root cause is described as improper neutralization of input during web page generation. Affected product: PropertyHive (WordPress plugin); ...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

4.9CVSS5.8AI score0.0023EPSS
Exploits0References1
Rows per page
Query Builder