Lucene search
K

12642 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-36180

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

7.5CVSS5.4AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.8 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34288

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager...

5.9CVSS7.4AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5CVSS5.7AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

6.5CVSS5.5AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41235

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS5.5AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.8 views

CVE-2026-41180

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

7.5CVSS5.5AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-37537

collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...

8.1CVSS5.7AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-8175

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to caus...

9.8CVSS6.2AI score0.0058EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:48 p.m.9 views

OESA-2026-2570 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

4.3CVSS8.4AI score0.0036EPSS
Exploits2References2
OSV
OSV
added 2026/06/05 10:55 a.m.10 views

BIT-PYTHON-MIN-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00401EPSS
Exploits0References9
OSV
OSV
added 2026/06/05 10:55 a.m.8 views

BIT-PYTHON-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00401EPSS
Exploits0References9
OSV
OSV
added 2026/06/05 10:47 a.m.6 views

BIT-LIBPYTHON-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00401EPSS
Exploits0References9
Fedora
Fedora
added 2026/06/05 4:10 a.m.15 views

[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 12:10 a.m.9 views

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 11:17 p.m.2 views

DEBIAN-CVE-2026-11161

Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:17 p.m.7 views

CVE-2026-11161

Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11161

Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00152EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/04 11:5 p.m.19 views

CVE-2026-11161

CVE-2026-11161 affects Google Chrome due to an inappropriate implementation in DataTransfer. A crafted HTML page can leak cross-origin data, as described for Chrome versions prior to 149.0.7827.53. The described impact is a cross-origin data leak with Medium severity. The fix is to update to Chro...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:5 p.m.29 views

CVE-2026-11161

Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00152EPSS
Exploits0References2
Rows per page
Query Builder