67 matches found

Snyk
added 2026/06/08 11:2 p.m. | 8 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec-http2 is an HTTP2 sub-package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforcement of the advertised...

CVSS 6.9 | AI score 5.5 | EPSS 0.00292
Exploits 0 | References 2
IBM Security Bulletins
added 2026/06/01 8:30 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750

Summary IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33750...

CVSS 7.5 | AI score 5.9 | EPSS 0.0043
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/05/29 9:1 a.m. | 34 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses jackson-core-2.18.2.jar which is vulnerable to WS-2026-0003

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses jackson-core-2.18.2.jar which is vulnerable to WS-2026-0003. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async...

AI score 5.8
Exploits 0 | Affected Software 1
Snyk
added 2026/05/28 5:44 p.m. | 6 views

External Control of File Name or Path

Overview compliance-trestle is a set of tools to manage & autogenerate Python objects representing the OSCAL layers/models. Affected versions of this package are vulnerable to External Control of File Name or Path via the -o/--output argument in the trestle author jinja. An attacker can overwrite arbitra...

CVSS 8.6 | AI score 5.8 | EPSS 0.0005
Exploits 0 | References 4
Snyk
added 2026/05/26 11:38 p.m. | 13 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview @fedify/fedify is an ActivityPub server framework. Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through manipulation of JSON-LD document structure using keywords such as @graph, @included, and @reverse. An attacker can alter...

CVSS 8.3 | AI score 5.9 | EPSS 0.00171
Exploits 0 | References 2
Debian CVE
added 2026/05/14 5:36 a.m. | 8 views

CVE-2026-1338

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.0019
Exploits 0
ATTACKERKB
added 2026/05/14 5:34 a.m. | 13 views

CVE-2026-6063

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

CVSS 4.3 | AI score 5.9 | EPSS 0.0019
Exploits 0 | References 4 | Affected Software 1
Snyk
added 2026/05/13 7:28 p.m. | 3 views

Use of a Non-reentrant Function in a Concurrent Context

Overview Affected versions of this package are vulnerable to Use of a Non-reentrant Function in a Concurrent Context via a race condition in the Grafana Live process. An attacker can cause the server to crash and become unavailable by sending concurrent requests as an authenticated user with View...

CVSS 7.1 | AI score 6.6 | EPSS 0.00262
Exploits 0 | References 2
IBM Security Bulletins
added 2026/05/05 12:47 p.m. | 13 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.7.tgz, tar-7.5.9.tgz which is vulnerable to CVE-2026-29786

Summary IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.7.tgz, tar-7.5.9.tgz which is vulnerable to CVE-2026-29786. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a...

CVSS 8.6 | AI score 6.3 | EPSS 0.00408
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2026/05/05 10:43 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses google.golang.org/protobuf-v1.30.0, google.golang.org/protobuf-v1.31.0 which is vulnerable to CVE-2024-24786

Summary IBM Maximo Application Suite - Visual Inspection component uses google.golang.org/protobuf-v1.30.0, google.golang.org/protobuf-v1.31.0 which is vulnerable to CVE-2024-24786. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

CVSS 7.5 | AI score 6.8 | EPSS 0.01262
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/05/05 9:38 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.12.1.tgz which is vulnerable to CVE-2026-25639

Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.12.1.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP...

CVSS 7.5 | AI score 7.4 | EPSS 0.02591
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2026/05/05 8:36 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873

Summary IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validat...

CVSS 7.5 | AI score 7.3 | EPSS 0.00492
Exploits 1 | Affected Software 1
Snyk
added 2026/05/04 5:20 p.m. | 10 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain unauthorized access to protected resources by appending a semicolon and arbitrary text to the request URL, exploiting...

CVSS 8.8 | AI score 6 | EPSS 0.00444
Exploits 0 | References 3
IBM Security Bulletins
added 2026/05/04 6:53 a.m. | 7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2025-14923.

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2025-14923. This bulletin contains information addressing the vulnerability. Vulnerability Details...

CVSS 9.8 | AI score 5.8 | EPSS 0.00173
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/05/04 6:52 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz which is vulnerable to CVE-2026-32141.

Summary IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz which is vulnerable to CVE-2026-32141. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-32141 DESCRIPTION: flatted is a circular JSON parser. Pri...

CVSS 7.5 | AI score 7.2 | EPSS 0.00777
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2026/05/01 2:54 p.m. | 10 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-39892

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-39892. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-39892...

CVSS 9.8 | AI score 5.9 | EPSS 0.00652
Exploits 0 | Affected Software 1
Snyk
added 2026/04/27 10:15 a.m. | 4 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting...

CVSS 9.9 | AI score 6.2 | EPSS 0.0086
Exploits 0 | References 2
Cvelist
added 2026/04/22 4:29 p.m. | 28 views

CVE-2026-4922 Cross-Site Request Forgery (CSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

CVSS 8.1 | EPSS 0.00178
Exploits 0 | References 3
Tenable Nessus
added 2026/04/13 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-1516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality...

CVSS 5.7 | AI score 5.9 | EPSS 0.00428
Exploits 0 | References 2
Vulnrichment
added 2026/04/08 10:27 p.m. | 4 views

CVE-2025-9484 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

CVSS 4.3 | AI score 5.9 | EPSS 0.00264
Exploits 0 | References 3