Lucene search
K

12086 matches found

Nuclei
Nuclei
added 8 hours ago11 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS6.6AI score0.01438EPSS
Exploits2References2
Nuclei
Nuclei
added 8 hours ago33 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS6.1AI score0.01609EPSS
Exploits0
Nuclei
Nuclei
added 8 hours ago31 views

SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. id: CVE-2025-40536 info: name: SolarWinds Web Help Desk 12.8.8 Hotfix 1 HF1 - Security...

9.8CVSS7AI score0.8413EPSS
Exploits4References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42987

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References5
NVD
NVD
added 4 days ago6 views

CVE-2026-57501

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

0.0029EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-53655

A flaw was found in node-tar. This vulnerability arises because node-tar incorrectly applies PAX extended header size records to subsequent intermediary metadata headers, leading to a desynchronization of the tar stream cursor compared to other standard tar implementations. A remote attacker coul...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 4 days ago5 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-54590

A flaw was found in AsyncSSH, a Python package for implementing the SSHv2 protocol. An incomplete fix for a previous vulnerability allowed an attacker to bypass security restrictions in the AuthorizedKeysFile processing. By using specific characters like or environment variables $ENV in the...

5.9CVSS6AI score0.00285EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57005

Name of the Vulnerable Software and Affected Versions Zen versions prior to 1.21.5b Description In the glance and split-view context-menu actions, specifically Open link in glance and Split link in new tab, the browser loads a page-controlled link URL using the System principal instead of the...

6.1AI score0.0029EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-58525

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS0.00362EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42401

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS5.9AI score0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

8.2CVSS0.00362EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago4 views

jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...

8.1CVSS6AI score0.00695EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 5 days ago4 views

CVE-2026-59997

A flaw was found in OpenSSH. The internal-sftp component within sshd incorrectly processes command-line arguments, recognizing only the first nine. This limitation can prevent the application of intended security configurations for SFTP SSH File Transfer Protocol connections, potentially leading ...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56610

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper access control allows an unauthorized attacker to bypass a security feature over a network. Recommendations At the moment, there is no information about a newer...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 6 days ago7 views

kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...

7.8CVSS6.1AI score0.00139EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-44938 Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent

A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml or BundleDeployment.spec.options.namespaceLabels when applying them to the target namespace. An attacker with git push access to a Fleet-monitored...

8.8CVSS0.00508EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago8 views

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.6CVSS6AI score0.00813EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week15 views

kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...

7.8CVSS6.7AI score0.00139EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-55487

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass security checks by manipulating how package source strings are processed. By crafting a specially designed source string, an attacker could trick the system into approving and using a malicious...

8.8CVSS6.2AI score0.00118EPSS
Exploits1References4
Rows per page
Query Builder