Lucene search
K

3669 matches found

Adobe
Adobe
added 2026/06/09 12:0 a.m.15 views

APSB26-62 : Security update available for Adobe Dreamweaver

Adobe has released a security update for Adobe Dreamweaver. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, memory exposure, and arbitrary file system read...

5.8AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Adobe Dreamweaver Desktop 访问控制错误漏洞

Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier contain an access control vulnerability. This vulnerability stems from improper access control mechanisms, which m...

8.6CVSS5.4AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

389 Directory Server 389-ds-base 缓冲区错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a security vulnerability in 389 Directory Server, which stems from the ldaputf8prev function reading bytes from the buffer without boundary checks. This leads ...

6.3CVSS6AI score0.00177EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.7 views

RHEL 9 : kpatch-patch (RHSA-2026:24814)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24814 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

7.8CVSS5.6AI score0.03663EPSS
Exploits17References6
RedhatCVE
RedhatCVE
added 2026/06/08 6:58 p.m.11 views

CVE-2026-46302

A flaw was found in the Linux kernel's Security-Enhanced Linux SELinux policy handling. A local attacker could exploit this by opening the /sys/fs/selinux/policy file, which prevents other processes from accessing or reading the kernel's security policy. This could lead to a denial of service DoS...

5.5CVSS5.5AI score0.001EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 12:0 a.m.11 views

ALSA-2026:24381 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smb: client: fix OOB reads parsing symlink error response CVE-2026-31613 kernel: Buffer overflow in drivers/xen/sys-hypervisor.c CVE-2026-31786 kernel: Linux kernel: smb: client: reject...

8.1CVSS6.6AI score0.00378EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

RHEL 9 : kernel (RHSA-2026:24381)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24381 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smb: client: fix OOB reads...

8.1CVSS6.5AI score0.00378EPSS
Exploits4References8
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.13 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00478EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.20 views

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 (RHSA-2026:23469)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23469 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patc...

7.8CVSS5.6AI score0.03663EPSS
Exploits17References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10717

Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect...

1.8CVSS5.5AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.9CVSS5.5AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39885

FrontMCP is a TypeScript-first framework for the Model Context Protocol MCP. Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...

7.5CVSS5.4AI score0.00319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

9.9CVSS5.6AI score0.00416EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44307

A flaw was found in Mako, a Python template library. A remote attacker could exploit a directory traversal vulnerability by crafting a Uniform Resource Identifier URI with backslash traversal. This bypasses security checks, allowing the attacker to read files outside the intended template...

8.7CVSS5.3AI score0.00609EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/05 7:1 p.m.11 views

EUVD-2026-34899

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.11 views

CVE-2024-2374

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...

9.1CVSS5.4AI score0.00377EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:24 p.m.12 views

CVE-2026-46393 HAXcms createSite SSRF Enables Arbitrary File Read

HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enablin...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:16 p.m.6 views

ALPINE-CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

6.5CVSS5.4AI score0.00277EPSS
Exploits1References1
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

4.3CVSS5.5AI score0.00352EPSS
Exploits0References4
Rows per page
Query Builder