Lucene search
K

27013 matches found

Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29705

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email...

6.3CVSS5.9AI score0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.3 views

PT-2026-29706

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

7.8CVSS5.9AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29805

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description When using the -O option with the legacy scp protocol as root without the -p option, a downloaded file may be installed with setuid or setgid permissions, which may not align with user expectations...

8.1CVSS5.7AI score0.00419EPSS
Exploits0References88
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection hijacking,...

8.1CVSS5.9AI score0.00419EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.4 views

OpenSSH 安全漏洞

OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada, designed for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...

2.5CVSS5.9AI score0.0013EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/01 9:30 p.m.4 views

EUVD-2026-18068

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 9:17 p.m.8 views

CVE-2026-4820

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS0.00118EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/01 9:12 p.m.9 views

openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers

Summary Both standalone servers configure CORS with alloworigins="", allowcredentials=True, allowmethods="", and allowheaders="". Affected Code python server/key-server/app/main.py:86-92 server/telemetry-server/app/main.py:23-29 app.addmiddleware CORSMiddleware, alloworigins=settings.corsorigins,...

5.9AI score
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:54 p.m.1 views

CVE-2026-4820

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/01 8:54 p.m.11 views

CVE-2026-4820

CVE-2026-4820 affects IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10, where authorization tokens or session cookies are not marked with the Secure attribute. This can allow an unauthenticated attacker to steal cookie values by directing users to an http link and monitoring traffic, enablin...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/01 8:54 p.m.17 views

CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 8:54 p.m.2 views

CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 7:9 p.m.8 views

Security Bulletin: IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2_<workspace_name> was not set with secure flag

Summary IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2 was not set with secure flag Vulnerability Details CVEID:CVE-2026-4820 DESCRIPTION: IBM Maximo Application Suite does not set the secure attribute on authorization tokens or session cookies. Attackers m...

4.3CVSS5.8AI score0.00118EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2026/04/01 12:46 p.m.4 views

Block the Prompt, Not the Work: The End of "Doctor No"

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this...

6AI score
Exploits0
EUVD
EUVD
added 2026/04/01 9:31 a.m.4 views

EUVD-2026-17822

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

4.7CVSS5.9AI score0.00381EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 8:16 a.m.4 views

CVE-2026-27101

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

7.2CVSS0.00381EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 7:27 a.m.1 views

CVE-2026-27101

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

4.7CVSS5.9AI score0.00381EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 7:27 a.m.3 views

CVE-2026-27101

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

4.7CVSS5.9AI score0.00381EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 7:27 a.m.11 views

CVE-2026-27101

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application versions 5.28.00.xx–5.32.00.xx are affected by a Path Traversal vulnerability. The issue stems from improper path filtering, enabling a high-privilege attacker within the management network to potentially achieve remote code executio...

7.2CVSS5.9AI score0.00381EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/01 7:27 a.m.27 views

CVE-2026-27101

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

4.7CVSS0.00381EPSS
Exploits0References1
Rows per page
Query Builder