Lucene search
K

2790 matches found

RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 4:45 p.m.9 views

GHSA-GP79-M99V-GJMH OpenClaw: Mattermost handlers could fall open when channel type was missing

Summary Mattermost handlers could fall open when channel type was missing. In affected versions, a Mattermost event missing channel type metadata could continue without applying the intended DM policy decision. This advisory is scoped to the named feature and configuration. It does not change...

6.3CVSS6AI score0.00189EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/02 12:22 p.m.6 views

CVE-2026-14363

A flaw was found in the Mediawiki Cargo Extension. This vulnerability, identified as SQL Injection, allows an attacker to execute malicious SQL commands. By exploiting improper handling of special characters in SQL commands, an attacker can potentially access, modify, or delete sensitive data...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/08 2:13 p.m.13 views

CVE-2026-50292

A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device is removed. This...

9.8CVSS5.7AI score0.00498EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.12 views

CVE-2025-71210

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

9.8CVSS8.3AI score0.03811EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 10:16 p.m.24 views

CVE-2026-41075

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

8.8CVSS0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.15 views

PT-2026-42837

Name of the Vulnerable Software and Affected Versions RT versions 5.0.0 through 5.0.9 RT versions 6.0.0 through 6.0.2 Description An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the...

8.8CVSS5.9AI score0.00344EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-37091

Name of the Vulnerable Software and Affected Versions Langchain-Chatchat versions prior to 0.3.1.4 Description An issue exists in the Uploaded File Handler component within the get file id function of the file libs/chatchat-server/chatchat/server/api server/openai routes.py. Manipulation of this...

2.6CVSS5.7AI score0.00235EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/04 10:17 a.m.9 views

CVE-2026-41263

A flaw was found in Traefik. A remote attacker can exploit a timing side-channel vulnerability in Traefik's BasicAuth middleware. This flaw allows an attacker to enumerate valid usernames by observing differences in authentication response times. The vulnerability arises because a constant-time...

6.3CVSS5.7AI score0.00369EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/28 12:27 p.m.11 views

CVE-2026-6993

A flaw was found in go-kratos kratos. A remote attacker could exploit a vulnerability in the HTTP server's NewServer function, specifically within the http.DefaultServeMux Fallback Handler. This manipulation creates an unintended intermediary, which can lead to the disclosure of sensitive...

6.9CVSS5.5AI score0.00315EPSS
Exploits0References10
Snyk
Snyk
added 2026/04/25 6:30 p.m.9 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.16 views

PT-2026-37175

Name of the Vulnerable Software and Affected Versions nova-toggle-5 versions prior to 1.3.0 Description The toggle endpoint "POST /nova-vendor/nova-toggle/toggle/resource/resourceId" was protected only by web and auth: middleware. This allowed any user authenticated on the configured guard to fli...

6.5CVSS6AI score0.00201EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/15 9:30 p.m.12 views

Pyroscope Exposes Storage Secret

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

9.1CVSS5.4AI score0.00406EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/15 6:13 p.m.18 views

CVE-2026-33435

Weblate: Remote code execution during project backup restoration in versions prior to 5.17 due to backups not filtering Git/Mercurial config files. Fixed in 5.17. Remediation: upgrade to 5.17+ or restrict access to backups (backups are only accessible to users who can create projects).

8CVSS6.4AI score0.00708EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.10 views

PT-2026-28758

Name of the Vulnerable Software and Affected Versions Totolink A3300R version 17.0.0cu.557 b20221024 Description A security issue exists in Totolink A3300R version 17.0.0cu.557 b20221024. The setStaticRoute function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through...

6.5CVSS5.7AI score0.02483EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.10 views

SUSE CVE-2026-27858

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...

7.5CVSS5.9AI score0.0079EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2026/03/27 8:10 a.m.6 views

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

7.5CVSS5.2AI score0.00703EPSS
Exploits1References18
EUVD
EUVD
added 2026/03/26 3:30 p.m.4 views

EUVD-2025-209051

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/26 12:20 p.m.2 views

CVE-2025-41359 Multiple vulnerabilities in Small HTTP server by Smallsrv

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28650

Name of the Vulnerable Software and Affected Versions code-projects Simple Laundry System version 1.0 Description A cross site scripting issue exists in the Parameter Handler component of code-projects Simple Laundry System. The issue is related to the manipulation of the firstName argument withi...

5.3CVSS5.2AI score0.0027EPSS
Exploits1References8
Rows per page
Query Builder