Lucene search
K

220 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-59897

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

5.3CVSS0.00126EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-59896

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-36028

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...

0.00237EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.7 views

galera and mariadb11.8 security, bug fix, and enhancement update

An update is available for mariadb11.8, galera. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MariaDB is a community developed fork from MySQL - a multi-user,...

10CVSS6.5AI score0.00998EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.7 views

Fedora 43 : freerdp (2026-78a12ffec8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-78a12ffec8 advisory. Update to 3.27.1 It fixes CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648 and CVE-2026-55827. Tenable has extracted t...

7.5CVSS6AI score0.00452EPSS
Exploits0References7
OSV
OSV
added 2026/07/03 1:33 p.m.3 views

MINI-P288-GWW4-5M27

Bulletin has no description...

6.1CVSS5.9AI score0.00188EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/01 2:16 p.m.4 views

GHSA-27MG-GQCR-W5X5 vulnerabilities

Vulnerabilities for packages: chromium...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/30 12:2 p.m.7 views

RLSA-2026:33464 Important: mariadb:10.11 security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB Server: Arbitrary code execution via wsrepnotifycmd CVE-2026-49261 Bug Fixes and Enhancements: Rocky Linux8tracker Rebase Galera to 26.4.27 MariaDB:10.11 JIRA:Rocky...

9CVSS6.3AI score0.00998EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 9:18 a.m.12 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.27 security and extras update

Red Hat OpenShift Container Platform release 4.20.27 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...

8.7CVSS5.9AI score0.00656EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 4:16 p.m.10 views

CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS0.00083EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 11:52 a.m.3 views

SUSE-SU-2026:22365-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Upgrade openCryptoki to version 3.27 jscPED-14609: Add base support for PKCS11 v3.2. Add support for PKCS11 v3.2 CVerifySignatureInit|Update|Final. Add support for PKCS11 v3.2 CEncapsulateKey/CDecapsulateKey. Soft/ICA/CCA/EP11: Add support f...

6.8CVSS5.8AI score0.00237EPSS
Exploits2References5
Patchstack
Patchstack
added 2026/06/19 2:21 p.m.6 views

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

5.9CVSS5.8AI score0.00257EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/18 4:16 p.m.10 views

CVE-2025-52465

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...

7.2CVSS0.00353EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 4:16 p.m.13 views

CVE-2025-27511

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...

7.2CVSS0.00582EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.28 views

CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS0.00378EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 3:1 p.m.8 views

MINI-MCP2-RJ27-37X4

Bulletin has no description...

2.5CVSS5.1AI score0.00231EPSS
Exploits1
EUVD
EUVD
added 2026/06/15 8:18 p.m.12 views

EUVD-2026-36832

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/13 11:25 a.m.10 views

CVE-2026-5513 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.5AI score0.00312EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48892

Name of the Vulnerable Software and Affected Versions OpenTelemetry-cpp versions prior to 1.27.0 Description The OTLP HTTP exporters for traces, metrics, and logs read the complete HTTP response into an in-memory vector of bytes without implementing a size limit. This can lead to memory exhaustio...

5.3CVSS5.9AI score0.00206EPSS
Exploits0References6
CBLMariner
CBLMariner
added 2026/06/10 2:46 a.m.11 views

CVE-2026-39833 affecting package docker-compose for versions less than 2.27.0-13

CVE-2026-39833 affecting package docker-compose for versions less than 2.27.0-13. A patched version of the package is available...

9.1CVSS5.4AI score0.0036EPSS
Exploits0
Rows per page
Query Builder