Lucene search
K

66 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42283

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago40 views

CVE-2026-15044 Trustyai-service-operator: trustyai service operator: unauthenticated access to ai guardrails and orchestrator apis

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56458

Name of the Vulnerable Software and Affected Versions TrustyAI Service Operator affected versions not specified Description A flaw in the TrustyAI Service Operator occurs when deploying services such as gorch or NemoGuardrails. If a specific security setting is not enabled, these services expose...

6.3CVSS6.1AI score0.0017EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 1:16 a.m.4 views

UBUNTU-CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2026/06/06 1:36 p.m.18 views

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection...

5.7AI score
Exploits0
NVD
NVD
added 2026/06/03 8:16 p.m.12 views

CVE-2026-40495

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...

6.9CVSS0.00279EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 8:44 a.m.14 views

BIT-JOOMLA-2026-48902 Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

9.8CVSS5.8AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 4:43 p.m.44 views

CVE-2026-48902

CVE-2026-48902 affects Joomla! Core. The password/username reset features generate plain http links for https connections when Force SSL is not explicitly enabled, enabling possible credential exposure via downgraded transport. The issue is documented across multiple feeds (e.g., JOOMLA-1050) and...

9.8CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.16 views

CVE-2026-30495

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge ADB on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 10:16 p.m.17 views

AZL-79649 CVE-2026-27142 affecting package tensorflow 2.16.1-11

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-4764

Malware in sbrugna...

4.6CVSS6.4AI score0.0032EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17317

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00593EPSS
Exploits0References3
OSV
OSV
added 2025/09/22 9:10 p.m.5 views

GHSA-WQ2J-W9PM-7X2P DNN allows loading unused themes on anonymous clients through query parameters

Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...

6.5CVSS7.7AI score0.00322EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 6:19 a.m.12 views

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

5.9CVSS6.7AI score0.00173EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/28 10:48 p.m.18 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the Snowflake JDBC driver

Summary Multiple vulnerabilities in the Snowflake JDBC driver that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A remote...

7.8CVSS7.3AI score0.00252EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.6 views

PT-2025-4489 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.x through 10.2 Description: The issue arises from Mattermost's failure to accurately reflect missing settings, leading to confusion among administrators regarding a Calls security-sensitive configuration due to incorrec...

8.9CVSS6.4AI score0.0104EPSS
Exploits2References91
Veracode
Veracode
added 2024/11/13 4:38 a.m.22 views

Incorrect Security Setting

net.snowflake, snowflake-jdbc is vulnerable to an Incorrect Security Setting. The vulnerability is due to data being uploaded to an encrypted stage without client-side encryption, allowing unauthorized parties to access or modify sensitive information...

5.9CVSS6.6AI score0.00173EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/10/30 9:15 p.m.22 views

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

5.9CVSS0.00173EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/10/30 2:37 p.m.26 views

Snowflake JDBC Security Advisory

Impacted Products Snowflake JDBC driver versions = 3.2.6 & = 3.19.1 are affected. Introduction Snowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

5.9CVSS6.8AI score0.00173EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/10/30 12:0 a.m.281 views

CVE-2024-43382

CVE-2024-43382 affects Snowflake JDBC driver bug where versions 3.2.6–3.19.1 have an incorrect security setting that can allow data to be uploaded to an encrypted stage without the extra protection of client-side encryption. The root cause is an insufficient security configuration, potentially ex...

5.9CVSS6.9AI score0.00173EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder