
1619 matches found

Vulnrichment
added 2026/02/09 10:26 p.m., 2 views

CVE-2026-25893 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has...

CVSS 10, AI score 6.2, EPSS 0.00677
Exploits 0, References 2

CVE
added 2026/02/09 10:26 p.m., 22 views

CVE-2026-25893

CVE-2026-25893 affects FUXA, a web-based Process Visualization (SCADA/HMI/Dashboard) platform. The issue is an authentication bypass via the heartbeat refresh API that lets an unauthenticated, remote attacker gain administrative access and potentially execute arbitrary code on the server. This vu...

CVSS 10, AI score 6.2, EPSS 0.00677
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/02/09 10:26 p.m., 30 views

CVE-2026-25893 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has...

CVSS 10, EPSS 0.00677
Exploits 0, References 2

SUSE Linux
added 2026/02/05 2:23 p.m., 7 views

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034) - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036) - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037) -...

CVSS 7.5, AI score 5.4, EPSS 0.00864
Exploits 1, References 18

OSV
added 2026/02/05 2:23 p.m., 5 views

SUSE-SU-2026:0390-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034) - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036) - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037) -...

CVSS 7.5, AI score 5.8, EPSS 0.00864
Exploits 1, References 10

Positive Technologies
added 2026/02/05 12:0 a.m., 9 views

PT-2026-7184

Name of the Vulnerable Software and Affected Versions: FUXA versions prior to 1.2.10. Description: FUXA is a web-based Process Visualization software. A flaw exists that allows a remote, unauthenticated attacker to gain administrative access and execute arbitrary code on the server. This is possible...

CVSS 10, AI score 6.1, EPSS 0.00677
Exploits 0, References 9

SUSE Linux
added 2026/02/04 12:46 p.m., 6 views

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034) - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036) - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037) -...

CVSS 7.5, AI score 5.8, EPSS 0.00864
Exploits 1, References 18

Tenable Nessus
added 2026/02/03 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-1035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse...

CVSS 3.1, AI score 5.3, EPSS 0.00282
Exploits 0, References 2

GithubExploit
added 2026/01/31 7:39 p.m., 143 views

capstone-poc

Capstone Proof of Concept 1. Create the UI using the run fu...

AI score 5.9
Exploits 0

RedhatCVE
added 2026/01/29 3:26 a.m., 10 views

CVE-2026-24748

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...

CVSS 7.2, AI score 5.8, EPSS 0.00342
Exploits 0, References 1

SUSE CVE
added 2026/01/28 12:25 a.m., 3 views

SUSE CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5, AI score 5.9, EPSS 0.00618
Exploits 0, References 6

Snyk
added 2026/01/27 10:15 p.m., 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...

CVSS 7.2, AI score 5.9, EPSS 0.00342
Exploits 0, References 2

Cvelist
added 2026/01/27 9:23 p.m., 24 views

CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...

CVSS 6.9, EPSS 0.00342
Exploits 0, References 4

OSV
added 2026/01/27 9:15 a.m., 3 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5, AI score 5.5, EPSS 0.00618
Exploits 0, References 1

NVD
added 2026/01/27 9:15 a.m., 10 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5, EPSS 0.00618
Exploits 0, References 4

UbuntuCve
added 2026/01/27 9:15 a.m., 9 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5, AI score 6.7, EPSS 0.00618
Exploits 0, References 2

OSV
added 2026/01/27 9:15 a.m., 2 views

UBUNTU-CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5, AI score 6, EPSS 0.00618
Exploits 0, References 3

ATTACKERKB
added 2026/01/27 9:7 a.m., 7 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5, AI score 5.9, EPSS 0.00618
Exploits 0, References 2, Affected Software 2

AlpineLinux
added 2026/01/27 9:7 a.m., 5 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5, AI score 5.5, EPSS 0.00618
Exploits 0, References 1

Positive Technologies
added 2026/01/27 12:0 a.m., 5 views

PT-2026-4877

Name of the Vulnerable Software and Affected Versions: Grafana, affected versions not specified. Description: The software can crash due to a memory exhaustion issue triggered by uncached requests to the /avatar/:hash endpoint. Each request spawns a goroutine to refresh the Gravatar image. If this...

CVSS 7.8, AI score 5.4, EPSS 0.00618
Exploits 0, References 85