
53675 matches found

Nuclei
added 2026/06/16 7:13 a.m. | 32 views

Apache Solr - Authentication Bypass

Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip Authentication while maintaining the API contract with the origina...

CVSS 9.8 | AI score 8.6 | EPSS 0.90709
Exploits: 1 | References: 3

Positive Technologies
added 2026/06/15 12:0 a.m. | 9 views

PT-2026-49593

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.14.1. Description: Host-only cookies saved using the CookieJar.save function and subsequently restored via the CookieJar.load function lose their host-only status. This can result in cookies loaded from disk being sen...

CVSS 5.3 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 5

NVD
added 2026/06/14 4:16 a.m. | 14 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

CVSS 6.8 | EPSS 0.00291
Exploits: 0 | References: 3

EUVD
added 2026/06/14 3:49 a.m. | 11 views

EUVD-2026-36658

In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

CVSS 6.8 | AI score 5.3 | EPSS 0.00291
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/14 12:0 a.m. | 18 views

PT-2026-49105

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 35.0.2. Description: When applying a PATCH request to update fields in volume properties for which a user is authorized, the system may return unredacted sensitive information, such as iSCSI credentials. This...

CVSS 6.8 | AI score 5.9 | EPSS 0.00291
Exploits: 0 | References: 8

IBM Security Bulletins
added 2026/06/12 6:50 p.m. | 10 views

Security Bulletin: Security Vulnerability in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41248)

Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security. Vulnerability Details: CVEID: CVE-2025-41248. DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type...

CVSS 7.5 | AI score 6.9 | EPSS 0.0046
Exploits: 0 | Affected Software: 1

OSV
added 2026/06/12 6:28 p.m. | 7 views

GHSA-3GP5-Q4JW-3V94 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL

Summary: Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in the UI. The REST datasource implementation redacts stored Basic/Bearer/OAuth2 auth secrets before returning datasource data to clients...

CVSS 8.1 | AI score 5.7 | EPSS 0.00257
Exploits: 0 | References: 3

OSV
added 2026/06/12 4:16 p.m. | 7 views

DEBIAN-CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

CVSS 10 | AI score 5.3 | EPSS 0.00285
Exploits: 0 | References: 1

GithubExploit
added 2026/06/12 10:4 a.m. | 146 views

Exploit for CVE-2026-20253

No d...

CVSS 9.8 | AI score 5.2 | EPSS 0.88171
Exploits: 5

OSV
added 2026/06/11 10:16 p.m. | 5 views

DEBIAN-CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

CVSS 8.3 | AI score 5.4 | EPSS 0.00166
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/11 5:13 p.m. | 9 views

CVE-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

CVSS 10 | AI score 5.6 | EPSS 0.00998
Exploits: 0 | References: 2

Chainguard
added 2026/06/11 1:48 a.m. | 6 views

GHSA-WWX6-X28X-8259 vulnerabilities

Vulnerabilities for packages: yazi...

AI score 5.4
Exploits: 0

EUVD
added 2026/06/11 12:32 a.m. | 9 views

EUVD-2022-56002

A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4...

CVSS 3.5 | AI score 5.4 | EPSS 0.00153
Exploits: 0 | References: 2

OSV
added 2026/06/10 5:10 p.m. | 8 views

DRUPAL-CONTRIB-2026-047

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

AI score 5.5
Exploits: 0 | References: 1

OSV
added 2026/06/10 5:8 p.m. | 7 views

DRUPAL-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

AI score 5.5
Exploits: 0 | References: 1

CNNVD
added 2026/06/10 12:0 a.m. | 18 views

Silverpeas Security Vulnerability

Silverpeas is an open-source business collaboration platform developed by Silverpeas. This platform includes applications such as project management, blogs, forums, and document management. Versions of Silverpeas prior to 6.4.6 contained security vulnerabilities, which were caused by improper...

CVSS 6.5 | AI score 5.3 | EPSS 0.00327
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/10 12:0 a.m. | 10 views

PT-2026-48594

The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...

AI score 5.5
Exploits: 0 | References: 2

Drupal
added 2026/06/10 12:0 a.m. | 10 views

Composer - Critical - Unsupported - SA-CONTRIB-2026-046

The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...

AI score 5.3
Exploits: 0 | References: 2

Drupal
added 2026/06/10 12:0 a.m. | 6 views

Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

AI score 5.2
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/10 12:0 a.m. | 18 views

PT-2026-48486

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS, affected versions not specified. Description: A memory corruption issue occurs during the processing of tunnel traffic. An authenticated user can trigger system reboots by sending a maliciously crafted packet. If these...

CVSS 6.9 | AI score 5.3 | EPSS 0.00192
Exploits: 0 | References: 5