Lucene search
K

104995 matches found

Nuclei
Nuclei
added 2 days ago114 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7.2AI score0.2389EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago6 views

freerdp: FreeRDP: Arbitrary code execution and denial of service via heap-buffer-overflow

A heap-buffer overflow vulnerability exists in the FreeRDP server's clipboard channel. A remote attacker can exploit this by sending a specially crafted message to the server, which can crash the service Denial of Service or potentially allow the attacker to execute arbitrary code...

8.8CVSS7.5AI score0.03472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2 days ago4 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2 days ago7 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-14604

A flaw was found in Open Asset Import Library Assimp. This vulnerability, a double free, exists within the PLY Model Handler component. A remote attacker could exploit this flaw by manipulating PLY model files, leading to a denial of service and making the application unavailable. Mitigation To...

6.5CVSS6AI score0.00233EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2 days ago5 views

Cisco Catalyst Center Arbitrary File Read (cisco-sa-catc-file-read-wLH2vf8X)

The version of Cisco Catalyst Center formerly Cisco DNA Center installed on the remote host is affected by a vulnerability. - A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to...

7.5CVSS7.3AI score0.00756EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 3 days ago5 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS7AI score0.02806EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-55487

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass security checks by manipulating how package source strings are processed. By crafting a specially designed source string, an attacker could trick the system into approving and using a malicious...

8.8CVSS6.2AI score0.00118EPSS
Exploits1References4
CVE
CVE
added 3 days ago17 views

CVE-2026-13698

CVE-2026-13698 is a memory-leak issue in OpenVPN related to tls-crypt-v2 client key handling, as noted in Mageia advisory MGASA-2026-0236. The advisory explicitly links this CVE to a memory leak that could contribute to server instability or crashes. Mageia reports the OpenVPN vulnerability along...

7.5CVSS6AI score0.00521EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 3 days ago6 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.6AI score0.004EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-41695

A flaw was found in Spring Data Commons. A remote attacker can exploit this vulnerability by providing specially crafted property path strings to the MappingContext property path resolution. This can lead to resource exhaustion, resulting in a denial of service DoS for affected applications...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-14620

A flaw was found in webpack-dev-server. This vulnerability allows a remote attacker to exploit exposed internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, through cross-origin requests. By visiting a malicious website while the development server is...

4.7CVSS6AI score0.00116EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago6 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS5.9AI score0.02806EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago11 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 3 days ago3 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.2AI score0.004EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago6 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago4 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 3 days ago3 views

The vulnerability of the ipv6_rpl_srh_rcv function in the RFC 6554 Source Routing Header Handler component of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the ipv6rplsrhrcv function in the RFC 6554 Source Routing Header Handler component of the Linux operating system is related to the execution of operations outside the buffer boundaries in memory. Exploitation of this vulnerability could allow a remote attacker to compromise t...

10CVSS6.3AI score0.00475EPSS
Exploits0References11Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM Cloud Pak System is vulnerable to HTML injection[CVE-2023-38007].

Summary IBM Cloud Pak System is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Vulnerability was addressed in IBM Cloud Pak System. Vulnerability...

5.4CVSS6.2AI score0.00212EPSS
Exploits0Affected Software2
Rows per page
Query Builder