Lucene search
K

2330 matches found

RedHat Linux
RedHat Linux
added 5 hours ago6 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.55 packages and security update

Red Hat OpenShift Container Platform release 4.17.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

9.1CVSS6.9AI score0.01557EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added yesterday3 views

micrometer: micrometer-core: Micrometer: Denial of Service via specially crafted gRPC requests

A flaw was found in Micrometer. A remote attacker can provide specially crafted gRPC gRPC Remote Procedure Call requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system...

7.5CVSS6AI score0.00474EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-59712 Leantime - Credential Disclosure via Unauthenticated JSON-RPC users.getUser Method

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...

8.6CVSS6AI score0.0025EPSS
Exploits0References4
NVD
NVD
added 3 days ago5 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS0.00471EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55524

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.26.0 and later Description The backend /services/request-service RPC accepts a URL controlled by an attacker from any client connected to the standard /services messaging endpoint. The server performs the HTTP request...

8.5CVSS6.1AI score0.00297EPSS
Exploits0References7
EUVD
EUVD
added last week7 views

EUVD-2026-41422

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...

6CVSS5.8AI score0.00154EPSS
Exploits0References2
CVE
CVE
added last week13 views

CVE-2026-58580

LobeChat up to version 2.2.9 is affected by broken object-level authorization in MessageModel. An authenticated user who knows another user’s non-enumerable message identifier can overwrite that victim’s plugin tool‑call metadata, plugin state/error, and TTS/translation records via tRPC message p...

6CVSS5.8AI score0.00154EPSS
Exploits0References2
OSV
OSV
added last week3 views

GHSA-C8W6-X74F-VMG3 zebrad vulnerable to full node denial of service via crafted Sapling receiver in z_listunifiedreceivers

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your zebrad.toml sets rpc.listenaddr to a TCP address RPC server is enabled. 3. An attacker can authenticate to the RPC endpoint. With the default enablecookieauth = true, this requires the attacker to read the...

6.5CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.22 views

CVE-2026-56300 Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions

Capgo before 12.128.2 contains unauthenticated security definer RPC functions getuserid and getorgpermforapikey that expose API key validity oracles and user UUID disclosure. Unauthenticated attackers using the public API key can validate leaked keys, enumerate users and apps, and determine...

8.7CVSS0.00349EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 7:16 p.m.10 views

CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS0.00114EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 7:16 p.m.5 views

UBUNTU-CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.00114EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 6:44 p.m.8 views

EUVD-2026-40173

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:44 p.m.7 views

CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.00114EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 5:40 a.m.3 views

BIT-ENVOY-2026-47207 Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

6.5CVSS5.7AI score0.00444EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access o...

9.8CVSS6.2AI score0.00497EPSS
Exploits0References3
OSV
OSV
added 2026/06/27 6:4 a.m.5 views

RLSA-2026:30129 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: rxrpc: fix RESPONSE authenticator parser OOB read CVE-2026-31636 kernel: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach CVE-2026-43038 kernel: tcp: fix potential race in...

7.3CVSS6.5AI score0.00465EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:37 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Micrometer vulnerability that could allow Denial of Service (Dos) attacks

Summary IBM Terracotta uses Micrometer, a popular Java library used in Spring applications, for application monitoring within the product. Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a...

7.5CVSS5.8AI score0.00573EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:52 p.m.5 views

CVE-2026-47207

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

6.5CVSS5.7AI score0.00444EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/26 5:52 p.m.8 views

EUVD-2026-39826

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

6.5CVSS5.7AI score0.00444EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-13325

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS0.00175EPSS
Exploits0References2
Rows per page
Query Builder