Lucene search
K

152 matches found

Cvelist
Cvelist
added 6 hours ago9 views

CVE-2026-20187 Cisco RoomOS Security Hardening Release - Exceptional Conditions Handling Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago9 views

CVE-2026-20158 Cisco RoomOS Security Hardening Release - Resource Lifetime Management Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago7 views

CVE-2026-20153 Cisco RoomOS Security Hardening Release - Input Validation Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago8 views

CVE-2026-20157 Cisco RoomOS Security Hardening Release - Missing Encryption Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
CVE
CVE
added 6 hours ago7 views

CVE-2026-20157

Technical details are not publicly available in provided documents. The CVE entry mentions missing encryption under CWE-311 and a Cisco RoomOS hardening release, but specific affected products, versions, root cause, impact, or fixes are not disclosed here. Monitor for updates.

7.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago7 views

CVE-2026-20156 Cisco RoomOS Security Hardening Release - Buffer Management Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.1CVSS
Exploits0References1
CVE
CVE
added 6 hours ago10 views

CVE-2026-20156

CVE-2026-20156 relates to Cisco RoomOS and a set of buffer management vulnerabilities (CWE-119) arising from improper bounds checks. The hardening release addresses multiple internally discovered issues; CVSSv3.1 metrics indicate network-access, high impact on confidentiality, integrity, and avai...

8.1CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago9 views

CVE-2026-20150 Cisco RoomOS Security Hardening Release - Access Control Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.8CVSS
Exploits0References1
CVE
CVE
added 6 hours ago8 views

CVE-2026-20150

CVE-2026-20150 concerns Cisco RoomOS, detailing improper access control (CWE-284). CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; impact: high across confidentiality, integrity, availability; vector: network, no user interaction, low privileges required. A Cisco software hardening release is cite...

8.8CVSS6.1AI score
Exploits0References1
OSV
OSV
added 2026/07/02 4:58 p.m.4 views

GHSA-P39J-X9H5-Q66M OpenClaw: Embedded runner policy could be confused by provider aliases

Summary Embedded runner policy could be confused by provider aliases. In affected versions, a request using provider aliases could compare policy against an alias instead of the canonical provider identity. This advisory is scoped to the named feature and configuration. It does not change...

4.8CVSS5.9AI score0.00093EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.13 views

OpenStack Horizon RC file generation does not escape special characters in project names

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS5.3AI score0.0019EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/17 3:17 p.m.12 views

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 2:12 p.m.10 views

EUVD-2026-37723

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS5.4AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 2:12 p.m.16 views

CVE-2026-55748

OpenStack Horizon prior to 25.7.4 can generate scripts for downloading OpenStack RC files where a crafted project name containing shell metacharacters is possible. The description notes this as a security hardening opportunity rather than a vulnerability, and the CVSS 3.1 metrics indicate a MEDIU...

6CVSS5.4AI score0.0019EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/05/18 8:16 a.m.7 views

Security update for php-composer2

This update for php-composer2 fixes the following issues CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: version update to 2.2.27 align...

7.8CVSS7.6AI score0.03282EPSS
Exploits4References20
Veeam
Veeam
added 2026/05/15 12:0 a.m.12 views

Exchange Backup Jobs Run Longer Than Expected or Fail with: Contract schema check for the Exchange Online REST API failed

Challenge Exchange backup jobs in Veeam Backup for Microsoft 365 or Veeam Data Cloud for Microsoft 365 run far longer than expected or fail to complete. The job log contains the following warnings and errors: Warning: Failed to retrieve Exchange Online REST API cmdlet information Warning: HTTP...

5.8AI score
Exploits0Affected Software1
OSV
OSV
added 2026/05/07 9:45 p.m.4 views

GHSA-J7H9-2JH7-G967 mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...

8.7CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 9:45 p.m.13 views

mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 5:25 p.m.19 views

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Impact A stored Cross-Site Scripting XSS vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls single click interaction. T...

8.4CVSS5.7AI score0.00476EPSS
Exploits0References4Affected Software4
OSV
OSV
added 2026/04/28 3:28 p.m.3 views

SUSE-SU-2026:21422-1 Security update for libsodium

This update for libsodium fixes the following issues: Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...

9.8CVSS5.9AI score0.00228EPSS
Exploits0References5
Rows per page
Query Builder