Lucene search
K

48594 matches found

Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.11 views

PT-2026-48787

Name of the Vulnerable Software and Affected Versions Idira Privileged Session Manager PSM versions prior to 15.0.3 Idira Privileged Session Manager PSM versions prior to 14.6.3 Idira Privileged Session Manager PSM versions prior to 14.2.5 Idira Privileged Session Manager PSM versions prior to...

8.8CVSS6AI score0.00544EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.9 views

PT-2026-48665

Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In deployments where users could...

8.8CVSS5.5AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.12 views

PT-2026-48788

Name of the Vulnerable Software and Affected Versions Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2 Idira Privileged Session Manager for SSH PSMP versions prior to 14.6.3 Idira Privileged Session Manager for SSH PSMP versions prior to 14.2.5 Idira Privileged Session Manag...

8.8CVSS5.7AI score0.0055EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48672

Name of the Vulnerable Software and Affected Versions IBM DevOps Plan versions 3.0.0 through 3.0.6 Description An issue exists due to improper validation of input within the Host header of HTTP requests. This allows for HTTP header injection, which can be leveraged to perform cross-site scripting...

6.5CVSS5.7AI score0.00149EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.21 views

PT-2026-48659

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

6.3CVSS4.9AI score0.00191EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.13 views

RHEL 9 : skopeo (RHSA-2026:25250)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25250 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...

10CVSS5.6AI score0.01945EPSS
Exploits3References12
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.14 views

RHEL 9 : buildah (RHSA-2026:25252)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25252 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

10CVSS5.6AI score0.01945EPSS
Exploits3References12
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48789

Name of the Vulnerable Software and Affected Versions Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 Description An origin validation flaw exists within the internal web-page verification routines. This issue allows a remote attacker to trigger...

8.4CVSS5.6AI score0.00161EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

CyberArk Idira Privileged Session Manager 路径遍历漏洞

CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 contained a path traversal vulnerability. This vulnerability stemmed...

8.8CVSS5.9AI score0.00544EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

boruta-server 安全漏洞

Boruta-Server is an open-source independent authorization server developed by Malach.it. Versions of Boruta-Server prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the Secure attribute for session cookies and remember-me cookies. In deployments whe...

8.8CVSS5.3AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

gatus 安全漏洞

Gatus is a service health monitoring and alerting tool developed by TwiN’s individual developers. Version 5.36.0 of Gatus contains a security vulnerability. This vulnerability stems from the setSessionCookie function in the OIDC session cookie handler. Performing certain operations may result in...

6.3CVSS4.9AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

CyberArk Idira Privileged Session Manager 操作系统命令注入漏洞

CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager for SSH prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 contained an operating system command injection vulnerability...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from insufficient source verification in node event handling, allowing paired nodes to forge exec lifecycle...

8.6CVSS5.3AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48685

Impact Wreck strips credential headers Authorization, Cookie, Proxy-Authorization before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port. As a result, credentials are forwarded intact across same-host port changes and HTTPS-to-HTTP...

6.5CVSS5.5AI score0.0001EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 11:16 p.m.8 views

CVE-2026-44693

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 10:11 p.m.18 views

CVE-2026-44693

Pi-hole FTL contains a race condition in the HTTP session management subsystem (global session buffer) introduced with the v6.0 CivetWeb rewrite, allowing unauthenticated session hijacking. It affects versions prior to 6.6.1 and is patched in 6.6.1. CVSS v3.1 is 8.8 (Network, Privileges None, Use...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:11 p.m.11 views

EUVD-2026-36194

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 10:11 p.m.7 views

CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 10:11 p.m.29 views

CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS0.0023EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.9 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References1
Rows per page
Query Builder