Lucene search
K

11712 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42139

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS6AI score0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago63 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS0.00158EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42138

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

4.2CVSS6AI score0.00202EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42137

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS6AI score0.00202EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2 days ago9 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS software allow an unauthenticated attacker with...

8.7CVSS6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2 days ago4 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated...

7CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-50530 DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-50529 DataEase: Link Token Leakage Prior to Share Password/Ticket Validation

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS0.00285EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 3 days ago4 views

Important: Red Hat Security Advisory: 389-ds-base security update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS6.2AI score0.0067EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

PYSEC-2026-774 Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

7.5CVSS5.9AI score0.01826EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS5.9AI score0.00153EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago12 views

CVE-2025-53831

DrawIO for ownCloud is affected by a Stored XSS in older builds. The vulnerability stems from improper neutralization of user-supplied input during web page generation, enabling stored XSS when attackers have access to the DrawIO app. Affected range includes DrawIO for ownCloud < 1.0.2 (corres...

8.2CVSS5.9AI score0.00164EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2025-53829

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive ...

8CVSS6.2AI score0.00335EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago14 views

CVE-2025-53827

ownCloud Core Updater on versions prior to 10.15.3 exposes a dangerous method/function. Attackers with administrative privileges may leverage it to execute arbitrary code. The issue is fixed in 10.15.3 (CVSSv3.1: 9.1, CRITICAL; network, high impact on confidentiality, integrity, and availability).

9.1CVSS6.1AI score0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago44 views

CVE-2025-53827 ownCloud Core: Updater has an exposed dangerous method or function

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...

9.1CVSS0.00342EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

BIT-MASTODON-2026-46348 Mastodon: SSRF Bypass via IPv6 Unspecified Address (::)

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was lacking an IP address range that can be used to reach local IP addresses. An attacker can use an IP address in the affected range to make...

8.7CVSS6AI score0.00337EPSS
Exploits0References2
OSV
OSV
added 5 days ago5 views

RLSA-2026:33092 Moderate: glibc security, bug fix, and enhancement update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

5CVSS6AI score0.00451EPSS
Exploits1References2
Rockylinux
Rockylinux
added 5 days ago5 views

galera and mariadb11.8 security, bug fix, and enhancement update

An update is available for mariadb11.8, galera. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MariaDB is a community developed fork from MySQL - a multi-user,...

10CVSS6.5AI score0.00998EPSS
Exploits0
OSV
OSV
added 5 days ago4 views

RLSA-2026:33482 Important: mariadb:10.11 security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB Server: Arbitrary code execution via wsrepnotifycmd CVE-2026-49261 Bug Fixes and Enhancements: Rocky Linux9tracker Rebase Galera to 26.4.27 MariaDB:10.11 JIRA:Rocky...

9.9CVSS6.4AI score0.00998EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

RockyLinux 10 : galera and mariadb11.8 (RLSA-2026:33412)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:33412 advisory. mariadb: MariaDB Server: Arbitrary code execution via wsrepnotifycmd CVE-2026-49261 Bug Fixes and Enhancements: Rebase MariaDB 11.8 to 11.8.8 in Rocky...

10CVSS6.5AI score0.00998EPSS
Exploits0References19
Rows per page
Query Builder