Lucene search
+L

6225 matches found

RedHat Linux
RedHat Linux
added 2026/07/08 9:46 a.m.7 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS6.9AI score0.0014EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/07/08 9:25 a.m.9 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.8CVSS6.3AI score0.00643EPSS
Exploits0
EUVD
EUVD
added 2026/07/08 5:58 a.m.8 views

EUVD-2026-42177

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...

9.8CVSS6AI score0.00326EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 3:25 p.m.16 views

CVE-2026-5268

Technical details about CVE-2026-5268 are not publicly provided in the supplied documents. No affected products, versions, root cause, or remediation are enumerated here. Monitor for updates and additional technical disclosures.

9.1CVSS6AI score0.0042EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2020-14844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

6.8CVSS6AI score0.02183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54750

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the translate text.php file passes the id GET parameter directly...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-371 Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.2AI score0.00578EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 2:16 a.m.3 views

ALPINE-CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.3AI score0.00656EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:17 p.m.24 views

CVE-2026-54069

SiYuan Note

9.2CVSS5.9AI score0.00607EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/24 5:15 p.m.7 views

Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing

A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended...

7.3CVSS6.1AI score0.00413EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 3:16 p.m.10 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS0.00181EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/23 7:29 a.m.11 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/22 9:10 p.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMX RMI connector. An attacker can execute arbitrary code on the server by sending specially crafted serialized Java objects prior to authentication. Note: This is only exploitable if the JMX...

9.8CVSS6.2AI score
Exploits0References2
Wolfi
Wolfi
added 2026/06/22 8:20 p.m.12 views

GHSA-VM85-HXW5-5432 vulnerabilities

Vulnerabilities for packages: nextcloud-server...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.9 views

Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2026-1895)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1895 advisory. unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer theSamValidatePasswordChange and SamValidatePasswordReset RPC...

9.8CVSS6.6AI score0.12797EPSS
Exploits9References8
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-12199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its...

7.5CVSS7.1AI score0.00325EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 3:53 p.m.22 views

CVE-2026-12621

GridTime 3000 GNSS Time Server Password Reset form is vulnerable to XSS due to improper neutralization of input during web page generation. Affected from 1.0r0.03 up to, but not including, 1.2r0.0. Base CVSS v4 score is 5.3 (Medium). No exploitation details are provided in the documents; no remed...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/18 6:1 p.m.11 views

CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS5.3AI score0.00445EPSS
Exploits0
OSV
OSV
added 2026/06/18 1:52 p.m.4 views

GHSA-VMF9-XX9W-86WX PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools

PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools Summary praisonaiagents.mcp.ToolsMCPServer.runsse builds a Starlette MCP HTTP+SSE server around mcp.server.sse.SseServerTransport. The server exposes /sse and /messages/, but it does not valida...

8.3CVSS5.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49891

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content. An unauthenticated attacker with network access via HTTP can...

9CVSS5.9AI score0.00366EPSS
Exploits0References5
Rows per page
Query Builder