Lucene search
K

48594 matches found

NVD
NVD
added 2026/06/11 10:16 p.m.13 views

CVE-2026-45173

Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote...

8.4CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 10:16 p.m.11 views

CVE-2026-45172

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.8CVSS0.0055EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 9:55 p.m.9 views

CVE-2026-45171 Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...

8.7CVSS5.7AI score0.00544EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 9:55 p.m.18 views

CVE-2026-45171

Idira Privileged Session Manager (PSM) affected by CVE-2026-45171 due to incomplete input validation and misconfigured folder permissions. Versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 are at risk. An authenticated, low-privileged user could potentially execute arbitrary code. The issue is...

8.8CVSS5.8AI score0.00544EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/11 9:41 p.m.29 views

CVE-2026-45172

The CVE describes an input validation flaw in Idira Privileged Session Manager for SSH (PSMP). A authenticated, low-privilege user could potentially execute arbitrary commands on the PSMP host due to incomplete input validation in PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6. Affecte...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/11 9:41 p.m.31 views

CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS0.0055EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 9:41 p.m.10 views

CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS5.7AI score0.0055EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 7:4 p.m.18 views

CVE-2026-49973

CVE-2026-49973 affects Hermes WebUI prior to version 0.51.358. The issue is an improper access control in the settings API that allows unauthenticated remote attackers to hijack the initial setup by posting to the /api/settings endpoint using the _set_password parameter without origin restriction...

9.4CVSS5.7AI score0.00543EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/11 5:18 p.m.10 views

EUVD-2026-36272

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 4:16 p.m.15 views

CVE-2026-4096

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 2:44 p.m.10 views

CVE-2026-4096 A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests.

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS5.3AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 2:44 p.m.29 views

CVE-2026-4096 A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests.

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 2:44 p.m.24 views

CVE-2026-4096

Summary of CVE-2026-4096 (IBM DevOps Plan) IBM DevOps Plan versions 3.0.0 to 3.0.6 are affected by an HTTP header injection vulnerability caused by improper validation of the Host header. This can enable attacker-driven attacks such as cross-site scripting, cache poisoning, or session hijacking a...

6.5CVSS5.3AI score0.00149EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/11 2:44 p.m.9 views

EUVD-2026-36252

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS5.3AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 2:41 p.m.31 views

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

7.5CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 2:41 p.m.26 views

CVE-2026-7787

CVE-2026-7787 affects Langflow OSS versions 1.0.0–1.9.1. A session ID namespace bypass in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows unauthenticated attackers to read or modify chat history by overriding the session_id used during flow execution when a PUBLIC flow includes a...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 2:41 p.m.8 views

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

7.5CVSS5.5AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 2:16 p.m.9 views

CVE-2026-53661

Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In deployments where users could...

8.8CVSS0.00259EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.13 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.21 views

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.1AI score0.01945EPSS
Exploits3References5
Rows per page
Query Builder