Lucene search
+L

1708 matches found

cnnvd
cnnvd
added 2026/06/01 12:0 a.m.12 views

Red Hat OpenShift Container Platform 安全漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Corporation that helps enterprises develop, deploy, and manage container-based applications across physical, virtual, and public cloud infrastructures. There is a security vulnerability in Red Hat OpenShift Container Platform...

5CVSS5.4AI score0.0023EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/29 8:13 p.m.17 views

CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.18 views

PT-2026-44965

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13570 Description Improper access control allows low-privileged users to modify service accounts. Recommendations Update to version 2026.1.13570...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References4
nvd
nvd
added 2026/05/28 9:16 p.m.14 views

CVE-2026-42398

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS0.003EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/28 8:27 p.m.29 views

CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS0.00298EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/28 4:59 p.m.16 views

CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References6Affected Software1
euvd
euvd
added 2026/05/28 4:59 p.m.18 views

EUVD-2026-32974

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References5
euvd
euvd
added 2026/05/28 4:1 a.m.11 views

EUVD-2026-32715

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

9CVSS6.2AI score0.00313EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/28 12:0 a.m.14 views

WebPros Comet Backup 安全漏洞

WebPros Comet Backup is a data backup and recovery platform developed by the Swiss company WebPros. There is a security vulnerability in WebPros Comet Backup, which stems from insufficient character filtering in the backup proxy signature module. This vulnerability may allow authenticated tenant...

9CVSS6.2AI score0.00313EPSS
Exploits0References1
osv
osv
added 2026/05/27 8:47 a.m.16 views

BIT-JOOMLA-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.12 views

IBM QRadar 安全漏洞

IBM QRadar is a security information and event management platform developed by the American multinational company IBM. There are security vulnerabilities in the version of IBM QRadar 7.5.0 up to 7.5.0 UP15 Interim Fix 002. These vulnerabilities stem from privileged users uploading malicious back...

7.2CVSS5.7AI score0.00463EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the nfosfmatchone function, which calculates ctx-window % f-wss.val in the OSFWSSMODULO...

5.8AI score0.00114EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/26 5:43 p.m.34 views

CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS0.00211EPSS
Exploits0References2
nvd
nvd
added 2026/05/26 5:16 p.m.26 views

CVE-2026-48900

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS0.00154EPSS
Exploits0References1
osv
osv
added 2026/05/26 5:16 p.m.1 views

CVE-2026-48900

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

4.3CVSS6AI score
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/26 5:10 p.m.11 views

CVE-2026-8834 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

8CVSS6.4AI score0.0026EPSS
Exploits0References1
cve
cve
added 2026/05/26 4:43 p.m.35 views

CVE-2026-48900

CVE-2026-48900 affects Joomla! Core (com_scheduler). An improper access check allows low-privileged users to edit the task types of existing scheduler tasks, indicating a privilege-escalation in the scheduler component. The CVE details indicate a CVSS v4 score of 6.4 (MEDIUM) with network attack ...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/26 4:43 p.m.40 views

CVE-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS0.00154EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/26 4:43 p.m.10 views

CVE-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References1
euvd
euvd
added 2026/05/26 4:43 p.m.14 views

EUVD-2026-31879

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References1
Rows per page
Query Builder