
ICS
added 2026/03/10 7:00 a.m.

Schneider Electric EcoStruxure Data Center Expert

GENERAL SECURITY RECOMMENDATIONS: Schneider Electric strongly recommends the following industry cybersecurity best practices: Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized...

CVSS 7.5, AI score 6.5, EPSS 0.00679
Exploits 0, References 11
ICS
added 2026/03/10 6:00 a.m.

Honeywell IQ4 Series BMS Controller (Update A)

RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to...

CVSS 10, AI score 5.8, EPSS 0.05585
Exploits 1, References 13
Positive Technologies
added 2026/03/10 12:00 a.m.

PT-2026-24611

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom), which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...

CVSS 9.1, AI score 5.7, EPSS 0.08691
Exploits 2, References 45
Positive Technologies
added 2026/03/10 12:00 a.m.

PT-2026-24606

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...

CVSS 5.9, AI score 5.8, EPSS 0.0035
Exploits 0, References 6
CNNVD
added 2026/03/10 12:00 a.m.

Fortinet FortiSwitchAXFixed Access Control Error Vulnerability

The Fortinet FortiSwitchAXFixed is a network switch device developed by the American company Fortinet. There was an access control vulnerability in the Fortinet FortiSwitchAXFixed version 1.0.0 to 1.0.1. This vulnerability stemmed from improper access control, allowing authenticated administrator...

CVSS 6.7, AI score 5.9, EPSS 0.00147
Exploits 0, References 1
Tenable Nessus
added 2026/03/10 12:00 a.m.

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2026-1256)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: If the value passed to os.path.expandvars is user-controlled, a performance degradation is possible when expanding environment...

CVSS 7.5, AI score 7, EPSS 0.01525
Exploits 0, References 7
IBM Security Bulletins
added 2026/03/09 10:10 a.m.

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to bypass of Trust Restrictions due to Eclipse Jersey

Summary: A race condition in Eclipse Jersey can cause critical SSL configurations to be ignored, such as mutual authentication, custom key/trust stores, and other security settings. IBM Sterling Secure Proxy has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-12383 DESCRIPTION: I...

CVSS 9.4, AI score 5.8, EPSS 0.00271
Exploits 0, Affected Software 1
OSV
added 2026/03/09 10:09 a.m.

MAL-2026-1290 Malicious code in remjsonparse (PyPI)

Source: kam193 (e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f). During import, the package starts advanced compromise actions: it exfiltrates AWS and git credentials, command history, and the security tools in use. After that, the code...

AI score 6
Exploits 0, References 1
EUVD
added 2026/03/09 9:30 a.m.

EUVD-2025-208368

A low-privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo...

CVSS 7.8, AI score 5.9, EPSS 0.00161
Exploits 0, References 2
EUVD
added 2026/03/09 9:30 a.m.

EUVD-2025-208377

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

CVSS 9.1, AI score 5.9, EPSS 0.00265
Exploits 0, References 2
NVD
added 2026/03/09 9:16 a.m.

CVE-2025-41765

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

CVSS 9.1, EPSS 0.00265
Exploits 0, References 1
CNNVD
added 2026/03/09 12:00 a.m.

SSH2 Security Vulnerability

SSH2 is an SSH client and server module developed by the individual developer mscdex. Version 1.17.0 of SSH2 contains a security vulnerability that stems from inefficient regular expressions...

CVSS 7.5, AI score 5.8, EPSS 0.00339
Exploits 0, References 3
Packet Storm News
added 2026/03/09 12:00 a.m.

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

AI score 6
Exploits 0
NVD
added 2026/03/08 11:15 a.m.

CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data in the file src/sftp.c of the component SFTP Extension Name Handler. Manipulation of the argument idx can lead to an out-of-bounds read. The attack may ...

CVSS 7.5, EPSS 0.00631
Exploits 0, References 6
Positive Technologies
added 2026/03/08 12:00 a.m.

PT-2026-23936

Name of the vulnerable software and affected versions: libssh versions up to 0.11.3. Description: A flaw exists in libssh related to the SFTP Extension Name Handler component, specifically within the sftp_extensions_get_name and sftp_extensions_get_data functions in the src/sftp.c file. A manipulati...

CVSS 7.5, AI score 5.9, EPSS 0.00631
Exploits 0, References 68
ATTACKERKB
added 2026/03/07 3:57 p.m.

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVSS 9.1, AI score 5.7, EPSS 0.00328
Exploits 1, References 4, Affected Software 1
Fedora
added 2026/03/07 3:33 a.m.

[SECURITY] Fedora 42 Update: chezmoi-2.69.4-1.fc42

Manage your dotfiles across multiple diverse machines, securely...

CVSS 7.5, AI score 5.8, EPSS 0.00626
Exploits 3
Fedora
added 2026/03/07 2:31 a.m.

[SECURITY] Fedora 44 Update: nss-3.120.1-1.fc44

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

AI score 5.8
Exploits 0
Github Security Blog
added 2026/03/07 2:31 a.m.

FUXA has a hardcoded fallback JWT signing secret

FUXA used a static fallback JWT signing secret frangoteam751 when no secretCode was configured. If authentication was enabled without explicitly setting a custom secret, an attacker who knew the default value could forge valid JWT tokens and bypass authentication. This issue has been addressed in...

CVSS 9.8, AI score 5.7, EPSS 0.02036
Exploits 0, References 4, Affected Software 1
AstraLinux
added 2026/03/06 9:04 p.m.

Astra Linux - vulnerability in curl

1. A cookie is set using the secure keyword for https://target.
2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear-text HTTP) using the same cookie set.
3. The same cookie name is set, but with just a slash as path (path="/"). Since this site is not...

CVSS 7.5, AI score 6.2, EPSS 0.01301
Exploits 1, References 2