Lucene search
K

1188 matches found

Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

0.00707EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-39948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accesso...

9.8CVSS6.1AI score0.00456EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-565 vLLM has RCE In Video Processing

Summary A chain of vulnerabilities in vLLM allow Remote Code Execution RCE: 1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR 2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to...

9.8CVSS7.4AI score0.03816EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-311 ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS6.1AI score0.12387EPSS
Exploits2References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-283 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

9.8CVSS6.4AI score0.00404EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/26 7:26 p.m.22 views

CVE-2026-46386 OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRETKEYBASE=OVERWRITEME as the default Rails master key. Combined with cookiesserializer = :marshal, this gives any logged-in user a deterministic...

9.9CVSS0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 1:16 p.m.8 views

CVE-2026-57915

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

7.3CVSS0.00321EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 12:9 p.m.29 views

CVE-2026-57915 Apache Kerby: Kerberos Pre-Authentication Bypass

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

0.00321EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:43 a.m.5 views

BIT-GRAFANA-2026-42127 Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52698

Name of the Vulnerable Software and Affected Versions Apache Kerby versions prior to 2.1.2 Description An issue exists where the Kerberos pre-authentication check can be bypassed by sending a PA-DATA containing an unrecognized or unsupported type. Recommendations Upgrade to version 2.1.2...

7.3CVSS5.8AI score0.00321EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.15 views

IBM DB2 Multiple Vulnerabilities (7277424, 7277423, 7277417) (Windows)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables. CVE-2025-36372 - IBM Db2 is...

9.8CVSS6.5AI score0.0086EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 7:16 p.m.11 views

CVE-2026-54088

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS0.00533EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5149 Traefik: Pre-authentication decision bypass due to forwarded alias spoofing in github.com/traefik/traefik

Traefik: Pre-authentication decision bypass due to forwarded alias spoofing in github.com/traefik/traefik...

10CVSS5.8AI score0.00479EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/25 5:49 p.m.32 views

CVE-2026-54088 File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS0.00533EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:49 p.m.5 views

CVE-2026-54088

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS6.3AI score0.00533EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 5:49 p.m.22 views

CVE-2026-54088

File Browser (web UI) before version 2.63.6 is affected by a pre-authentication RCE. The Hook Authentication feature interpolates user-supplied credentials into a shell command using os.Expand without sanitization, enabling unauthenticated remote attackers to inject shell metacharacters in the lo...

9.3CVSS6.3AI score0.00533EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.41 views

SonicWall SRA 4600 VPN - SQL Injection

The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authentication SQL injection vulnerability. id: CVE-2019-7481 info: name: SonicWall SRA 4600 VPN - SQL Injection author: darrenmartyn severity: high description: The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authenticatio...

7.5CVSS7.4AI score0.99906EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52536

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description The Hook Authentication feature allows administrators to delegate login verification to an external shell command. User-supplied credentials, specifically the username and password variables, a...

9.3CVSS6.5AI score0.00533EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 11:16 p.m.10 views

CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS0.00315EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:16 p.m.2 views

DEBIAN-CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References1
Rows per page
Query Builder