Lucene search
+L

815 matches found

CVE
CVE
added 3 days ago19 views

CVE-2026-46421

The CVE concerns a supply-chain compromise in the SAP Cloud Application Programming Model’s cap-js/cds-dbs monorepo. On 2026-04-29, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published; these malicious packages harvested credentials (n...

9.3CVSS6.1AI score0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 10:4 p.m.33 views

CVE-2026-54776 CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...

4.4CVSS0.00109EPSS
Exploits0References6
CVE
CVE
added 2026/07/08 10:4 p.m.24 views

CVE-2026-54776

CoreWCF (UnixDomainSocket transport) with PosixIdentity client credentials is affected by a vulnerability where connections can bypass the framing-layer identity checks by skipping the application/unixposix stream upgrade before message dispatch. Affected versions include CoreWCF prior to 1.8.1 a...

4.4CVSS6AI score0.00109EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 10:4 p.m.4 views

CVE-2026-54776 CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...

4.4CVSS6.1AI score0.00109EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/07 4:40 p.m.6 views

Buffer Access with Incorrect Length Value

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...

6.3CVSS6AI score0.00291EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:2 a.m.14 views

CVE-2026-46584

CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...

3.7CVSS6AI score0.00378EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:55 a.m.7 views

CVE-2026-46453

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

6AI score0.00451EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/07/04 11:13 a.m.6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:23 p.m.6 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat-util is a Common code shared by multiple Tomcat components. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the incomplete logging of the effective web.xml when special roles and empty authorization...

9.1CVSS5.9AI score0.00368EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 2:37 p.m.6 views

BIT-APISIX-2026-49871 Apache APISIX: cas-auth login CSRF / session injection issue

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.7 views

CVE-2026-46136 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46136 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
OSV
OSV
added 2026/06/19 8:46 p.m.6 views

GHSA-WJPQ-6766-7F5J CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity does not require the client to perform the application/unixposix...

4.4CVSS5.8AI score0.00109EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.8 views

CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity does not require the client to perform the application/unixposix...

4.4CVSS5.8AI score0.00109EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51073

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service hosted on Unix Domain Sockets using PosixIdentity client credentials may accept connections that bypass the application/unixposix stream upgrade befo...

4.4CVSS6AI score0.00109EPSS
Exploits0References12
OSV
OSV
added 2026/06/12 2:57 p.m.2 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References11
NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-50629

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3CVSS0.0047EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 8:56 a.m.8 views

EUVD-2026-36396

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

5.2AI score0.00668EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48851

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

5.7AI score0.00646EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 2:30 a.m.4 views

CVE-2026-11619 Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

5.3CVSS5.5AI score0.00209EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47720

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-samba versions prior to 4.12.6 Description The GCSToSambaOperator in the Apache Airflow Samba provider fails to perform a containment check when joining GCS object names to the SMB destination path. This allows an...

6.5CVSS5.6AI score0.00695EPSS
Exploits0References9
Rows per page
Query Builder