Lucene search
K

543 matches found

Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28739

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication 'get current active user' without any privilege checks e.g., 'is superuser'...

6.5CVSS5.9AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability, which stems from endpoints/logs and/logs-stream in the logging router requiring only basic authentication without privilege checks. This...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 3:16 p.m.11 views

CVE-2026-23995

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...

8.4CVSS0.00211EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 2:36 p.m.4 views

EUVD-2026-16199

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...

8.4CVSS6.3AI score0.00211EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28335

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. A stack-based buffer overflow exists in the CAN interface initialization process. This occurs when an interface name exceeding IFNAMSIZ 16 characters is...

8.4CVSS6.2AI score0.00211EPSS
Exploits1References4
OSV
OSV
added 2026/03/18 8:31 a.m.4 views

OPENSUSE-SU-2026:20131-1 Security update for postgresql17 and postgresql18

This update for postgresql17 and postgresql18 fixes the following issues: Changes in postgresql17, postgresql18: Update to 17.7: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/17.7/ bsc1253332, CVE-2025-12817: Missing check for CREATE privileges on the schem...

5.9CVSS6.1AI score0.00332EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/09 12:31 p.m.3 views

EUVD-2025-208408

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

5.8AI score0.00112EPSS
Exploits0References2
NVD
NVD
added 2026/03/09 12:16 p.m.5 views

CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

8.8CVSS0.00112EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/06 12:0 a.m.6 views

Google Android Information Disclosure Vulnerability (CNVD-2026-18787)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a lack of privilege checking, which can be exploited by attackers to obtain sensitive information...

6.2CVSS5.7AI score0.00103EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.7 views

CVE-2025-47385

Memory Corruption when accessing trusted execution environment without proper privilege check...

7.8CVSS6.1AI score0.00069EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/02 4:53 p.m.1 views

CVE-2025-47385

Memory Corruption when accessing trusted execution environment without proper privilege check...

7.8CVSS6.1AI score0.00069EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22648

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description A memory corruption issue exists when accessing the trusted execution environment without a proper privilege check. This can lead to potential system compromise. There is no information about the number of...

7.8CVSS6.1AI score0.00069EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.6 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a lack of privilege checking, which can be exploited by attackers to obtain sensitive information...

6.2CVSS5.7AI score0.00103EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/02/04 12:0 a.m.156 views

📄 Microsoft Windows 11 Build 10.0.27898.1000 Advanced Admin Protection Bypass

This enhanced proof of concept demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privilege checks...

5.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/01/13 4:54 p.m.5 views

Moderate: Red Hat Security Advisory: postgresql:13 security update

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.9CVSS6.3AI score0.00332EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

Apple Safari和Apple macOS 安全漏洞

Apple Safari and Apple macOS are both products of Apple Inc. Apple Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. apple macOS is a dedicated operating system developed for Mac computers. A security vulnerability exists in Apple macOS Tahoe...

5.5CVSS6AI score0.00148EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.3 views

WordPress plugin Salient Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.7AI score0.00185EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.6 views

SUSE SLED15: libecpg6 / libecpg6-32bit / libpq5 / libpq5-32bit / postgresql / etc (SUSE-SU-2025:4363-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4363-1 advisory. Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1:...

5.9CVSS7AI score0.00332EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from a lack of...

4.3CVSS6.6AI score0.00216EPSS
Exploits0References2
CNVD
CNVD
added 2025/11/27 12:0 a.m.2 views

WordPress Autochat Automatic Conversation plugin unauthorized data modification vulnerability

WordPress Autochat Automatic Conversation plugin is an automated chat plugin designed for WordPress, which is mainly used to automate the communication between website visitors and merchants. WordPress Autochat Automatic Conversation plugin suffers from an unauthorized data modification...

5.3CVSS7.1AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder