Lucene search
K

102 matches found

Nuclei
Nuclei
added 5 days ago9 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

9.8CVSS6.1AI score0.92161EPSS
Exploits1References4
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-39183

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

UBUNTU-CVE-2026-12245

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.3 views

DEBIAN-CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:16 p.m.3 views

UBUNTU-CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/22 8:26 p.m.23 views

CVE-2026-54531 pypdf: Possible infinite loop when processing outlines/bookmarks in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS0.00123EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/22 8:25 p.m.6 views

CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The calltrace warning in amddrmbuddyfini has been fixed. The following call trace was observed when the amdgpu driver was removed. This issue arises because the BOs allocated for psp are not freed until the driver is...

5.5CVSS6.2AI score0.00143EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/06/16 8:22 p.m.9 views

CVE-2026-54273 vulnerabilities

Vulnerabilities for packages: dask-kubernetes-fips, py3-vllm-cuda-13.0, apache-beam-python-3.11-sdk, awx, tritonserver-backend-vllm-cuda-12.9, request-1276, py3-vllm-cuda-12.4, mlflow-fips, authentik, py3.13-scanner-test-libraries-aiohttp, mlflow, text-generation-inference,...

8.7CVSS5.8AI score0.00279EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.18 views

pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...

6.9CVSS5.2AI score0.00123EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/10 10:15 p.m.12 views

EUVD-2026-36196

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...

4.3CVSS5.4AI score0.01027EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-27644

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS5.6AI score0.00228EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/02 6:20 p.m.11 views

EUVD-2025-210043

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

5.8AI score0.00085EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 6:20 p.m.7 views

CVE-2025-64390

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

5.8AI score0.00085EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Sony PlayStation 4 安全漏洞

The Sony PlayStation 4 is a home video game console developed by the Japanese company Sony. There were security vulnerabilities in the versions 13.00 to 13.02 of the Sony PlayStation 4. These vulnerabilities stemmed from the BD-J sandbox feature, which could allow an abnormal JAR file to escape,...

7.4CVSS5.4AI score0.00085EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 5:42 p.m.32 views

CVE-2026-22872 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

8.2CVSS0.0043EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT wi...

3.7CVSS5.5AI score0.00222EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:11 p.m.6 views

CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3CVSS5.8AI score0.00288EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/14 12:24 p.m.11 views

CVE-2026-6008

CVE-2026-6008 describes an authorization bypass/IDOR in DijiDemi (Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co.). Affected versions are v4.5.12.1 before v4.5.13.0. Root cause: user‑controlled key enables privilege escalation. Impact includes hi...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References1
Rows per page
Query Builder