Lucene search
K

1280 matches found

Nuclei
Nuclei
added 8 hours ago157 views

Navidrome <=0.54.5 - Authentication Bypass in Subsonic API

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS6.2AI score0.00936EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57270

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description An issue exists in the IT asset and license management system where the endpoints 'PATCH /api/v1/maintenances/maintenance id' and 'PUT /api/v1/maintenances/maintenance id' fail to re-authorize asset...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56030

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description An unauthenticated mass assignment issue exists in the client self-registration endpoint. This allows a visitor to assign themselves to an arbitrary client group during the sign-up process. Since...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55959

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.10.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. An unbounded recursion can cause the...

3.3CVSS6.1AI score0.00105EPSS
Exploits0References3
OSV
OSV
added 2026/07/05 3:40 a.m.5 views

ROOT-OS-DEBIAN-11-CVE-2024-44934 CVE-2024-44934 in rootio-linux - Patched by Root

Root has patched CVE-2024-44934 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

7.8CVSS7AI score0.00217EPSS
Exploits0
EUVD
EUVD
added 2026/06/29 4:30 p.m.7 views

EUVD-2026-40150

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated...

6.3CVSS5.8AI score0.0056EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

7.1CVSS5.9AI score0.00262EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/06/12 8:24 p.m.9 views

CVE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.25 views

PT-2026-47625

Name of the Vulnerable Software and Affected Versions Puma versions prior to 7.2.1 Puma versions prior to 8.0.2 Description When PROXY protocol v1 support is enabled, the server reads incoming bytes into an internal buffer and waits for a carriage return and line feed CRLF to identify a PROXY v1...

7.5CVSS5.6AI score0.0007EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/04 4:55 p.m.18 views

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw...

8.6CVSS6.2AI score0.41694EPSS
Exploits3
EUVD
EUVD
added 2026/06/02 3:29 p.m.12 views

EUVD-2026-33961

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.7AI score0.00236EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/28 12:0 a.m.17 views

Security update for trivy (important)

openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20809-1 Rating: important References: bsc1255366 bsc1258094 bsc1258513 bsc1260193 bsc1260971 bsc1261052 bsc1262389 bsc1262893 bsc1264873...

8.7CVSS6.8AI score0.01557EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in c-ares

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service attacks. When a target resolver sends a query, the attacker creates a malformed UDP packet with a length of 0 and sends it back to the target resolver. The target resolver misinterprets this 0-length field as an...

7.5CVSS6.3AI score0.01577EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 5:54 p.m.5 views

CVE-2026-42581 Netty: HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

5.8CVSS6.9AI score0.00607EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40807

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 9:31 p.m.16 views

EUVD-2026-29284

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service...

5.8AI score0.00378EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.14 views

CVE-2026-41517

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...

6AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/09 4:10 a.m.17 views

CVE-2026-42310 Pillow: PDF Parsing Trailer Infinite Loop (DoS)

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.1CVSS5.7AI score0.00126EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 9:46 p.m.2 views

CVE-2026-41486 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.5AI score0.00473EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/08 3:31 p.m.8 views

EUVD-2025-209744

Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to degrade the...

6.5CVSS5.7AI score0.00433EPSS
Exploits0References2
Rows per page
Query Builder