
12642 matches found

CVE
added 2026/06/04 11:5 p.m., 20 views

CVE-2026-11161

CVE-2026-11161 affects Google Chrome due to an inappropriate implementation in DataTransfer. A crafted HTML page can leak cross-origin data, as described for Chrome versions prior to 149.0.7827.53. The described impact is a cross-origin data leak with Medium severity. The fix is to update to Chro...

4.3 CVSS, 5.8 AI score, 0.00152 EPSS
Exploits: 0, References: 2, Affected Software: 1

Snyk
added 2026/06/04 8:16 p.m., 6 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step due to the lack of enforcement for receiving a cryptographically-signed final chunk before the termination of the outer HTTP body. An attacker can cause undetected truncation of chunked messages by forwarding...

8.7 CVSS, 5.4 AI score, 0.00167 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/04 7:44 p.m., 5 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3 CVSS, 5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 3

EUVD
added 2026/06/04 7:44 p.m., 8 views

EUVD-2026-34321

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3 CVSS, 5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/04 7:44 p.m., 26 views

CVE-2026-21404 NAVTOR NavBox Use of Hard-coded Credentials

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3 CVSS, 0.00122 EPSS
Exploits: 0, References: 2

CVE
added 2026/06/04 5:50 p.m., 15 views

CVE-2026-41235

CVE-2026-41235 affects Froxlor 2.3.6 where system.available_shells is used to present allowed shells but not enforced by server-side Ftps::add/Ftps::update. An authenticated customer with shell delegation can submit an arbitrary shell (e.g., /bin/bash); with nssextrausers integration this shell ...

9.4 CVSS, 5.9 AI score, 0.00227 EPSS
Exploits: 0, References: 2

OSV
added 2026/06/04 12:10 p.m., 6 views

SUSE-SU-2026:22068-1 Security update for openvswitch

This update for openvswitch fixes the following issue: CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273)...

5.9 CVSS, 5.2 AI score, 0.00405 EPSS
Exploits: 0, References: 3

NVD
added 2026/06/04 9:16 a.m., 8 views

CVE-2026-3820

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2 CVSS, 0.0037 EPSS
Exploits: 0, References: 1

EUVD
added 2026/06/04 8:7 a.m., 9 views

EUVD-2026-34226

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2 CVSS, 6.2 AI score, 0.0037 EPSS
Exploits: 0, References: 1

Fedora
added 2026/06/04 1:36 a.m., 14 views

[SECURITY] Fedora 43 Update: libsoup3-3.6.6-3.fc43

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

8.2 CVSS, 5.8 AI score, 0.00254 EPSS
Exploits: 1

Packet Storm News
added 2026/06/04 12:0 a.m., 74 views

Membrane: A Self-Evolving Contrastive Safety Memory for LLM Agent Defense

Despite advances in safety alignment, large language models remain vulnerable to continuously evolving jailbreaks. Existing fine-tuned safety classifiers cannot adapt to these evolving attacks, while adaptive memory-based guardrails tend to over-refuse benign queries that resemble stored attacks...

5.5 AI score
Exploits: 0

CNNVD
added 2026/06/04 12:0 a.m., 7 views

Froxlor Security Vulnerability

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a security vulnerability. This vulnerability stems from the fact that the FTP account processing program does not enforce a shell whitelist, which may allow arbitrary shell...

9.4 CVSS, 5.4 AI score, 0.00227 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/04 12:0 a.m., 6 views

quic-go Security Vulnerability

Quic-go is an implementation of the QUIC protocol and RFC 9000 protocol in Go, developed by Lucas Clemente. Versions of quic-go prior to 0.59.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size constraints on the decoded trailer fields in the HTTP/3...

7.5 CVSS, 5.3 AI score, 0.00279 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/06/03 8:59 p.m., 21 views

quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion

Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field names and/or large values. The implementation builds an http.Header for t...

7.5 CVSS, 6.8 AI score, 0.00279 EPSS
Exploits: 0, References: 7, Affected Software: 1

Ubuntu
added 2026/06/03 7:11 a.m., 14 views

USN-8375-1: nginx vulnerabilities

It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. (CVE-2025-53859) It was discovered that nginx incorrectly handled...

9.2 CVSS, 7.7 AI score, 0.61469 EPSS
Exploits: 43

OSV
added 2026/06/03 7:11 a.m., 9 views

USN-8375-1 nginx vulnerabilities

It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. (CVE-2025-53859) It was discovered that nginx incorrectly handled...

9.2 CVSS, 6 AI score, 0.61469 EPSS
Exploits: 43, References: 13

Tenable Nessus
added 2026/06/03 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork. hook_cred_transfer only copies the Landlock security blob when the source credential has a domain. This is...

3.3 CVSS, 5.9 AI score, 0.00118 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/03 12:0 a.m., 14 views

Cisco Finesse Security Vulnerability

Cisco Finesse is a call center management software developed by the American company Cisco. There is a security vulnerability in Cisco Finesse, which stems from insufficient validation of HTTP request inputs provided to users. This vulnerability could allow unauthorized remote attackers to load...

6.1 CVSS, 5.4 AI score, 0.0018 EPSS
Exploits: 0, References: 1

OSV
added 2026/06/02 2:15 p.m., 9 views

EEF-CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the END_HEADERS flag, the unparsed...

8.2 CVSS, 5.9 AI score, 0.00384 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/06/02 2:1 p.m., 15 views

CVE-2026-10622

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

5.8 AI score, 0.00442 EPSS
Exploits: 0, References: 3, Affected Software: 2