Lucene search
K

4795 matches found

Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49957

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise CS Student Financials version 9.2.38 Description An issue in the PeopleSoft Enterprise CS Student Financials product allows a low privileged attacker with network access via HTTP to compromise the system. Successful...

8.5CVSS5.9AI score0.00375EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49947

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49944

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS5.2AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49837

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. A low privileged attacker with network acces...

8.7CVSS5.9AI score0.00326EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49847

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue in the Weblogic component allows an unauthenticated attacker with network access via HTTP to compromise the system...

8.7CVSS5.9AI score0.0034EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49941

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue in the Content Server component of Oracle Fusion Middleware allows a low privileged attacker with network access via HTTP to compromise the system. The attack requires human...

8.7CVSS5.9AI score0.00326EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49824

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.5 Description Improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized by using a crafted A...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/06/15 12:0 a.m.2 views

The vulnerability of the CreateSaverWindow() function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X Window System Server implementation, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the CreateSaverWindow function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X Window System X.Org Server implementation, is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a malicious actor...

5.5CVSS6AI score0.00141EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2026/06/15 12:0 a.m.5 views

The vulnerability of the __glXDisp_ChangeDrawableAttributes() function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X.Org Server implementation of the X Window System, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the glXDispChangeDrawableAttributes function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X.Org Server implementation of the X Window System, is related to reading data beyond the permitted range of memory. Exploiting this vulnerability could...

5.5CVSS5.8AI score0.00132EPSS
Exploits0References7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:35 a.m.9 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Java SE (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933).

Summary IBM Event Streams is affected by multiple vulnerabilities in Java SE. These vulnerabilities could allow a remote attacker to cause a denial of service condition, bypass security restrictions, or perform unauthorized operations on data processed by affected Java components. Vulnerability...

7.5CVSS5.4AI score0.00864EPSS
Exploits1Affected Software1
CVE
CVE
added 2026/06/11 7:31 a.m.30 views

CVE-2026-53901

CVE-2026-53901 affects Cerebrate, before v1.37, where the generic CRUD add path allowed mass assignment of attacker-controlled identifiers. The add() handler attempted to strip an id from $params prior to __massageInput() normalization, but a supplied id could still be present in the normalized i...

8.7CVSS5.5AI score0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:0 p.m.22 views

CVE-2026-45550

Roxy-WI exposes an IDOR on PUT /smon/check in versions ≤ 8.2.6.4. The flaw gates only on roxywi_common.check_user_group_for_flask(), validating the caller has some group rather than that the target check_id belongs to it. Downstream update_smon, update_smonHttp, update_smonTcp, update_smonPing, a...

9.1CVSS5.8AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.12 views

CVE-2026-26236

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS5.5AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48371

Name of the Vulnerable Software and Affected Versions QuMagie versions prior to 2.9.0 Description A missing authorization issue allows remote attackers to access unauthorized data or perform unauthorized actions. Recommendations Update to version 2.9.0 or later...

8.7CVSS5.3AI score0.00322EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

QNAP qumagie 信息泄露漏洞

QNAP Systems QuMagie is a QTS photo management application developed by QNAP Systems. There is a security vulnerability in QNAP Systems QuMagie, which stems from lack of authorization. This vulnerability may allow remote attackers to access unauthorized data or perform unauthorized operations. Th...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References1
HPE Security Bulletins
HPE Security Bulletins
added 2026/06/10 12:0 a.m.4 views

HPESBNW05061 rev.1 - HPE Telco Suite, Multiple Vulnerabilities

Potential Security Impact: Remote: Access Restriction Bypass, Cross-Site Scripting XSS, Directory Traversal, Unauthorized Data Modification SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE Telco Integrated Subscriber Data Management - Authentication Server Function AUSF 7.0.x,...

7.5CVSS6.6AI score0.0064EPSS
Exploits1
OSV
OSV
added 2026/06/09 8:29 p.m.11 views

MAL-2026-5467 Malicious code in getd-handler-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83398d27bb84d47296f796b4b2e6e9b5a0efc474add2e57592455e7d5d54eab5 On npm install, postinstall.js collects the installer's hostname, username, platform, current working directory, and CI-related environment variables...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.14 views

Malicious code in ac_semantic-ui_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b97f7d3e69494d0415e13aec8d9d51ce1f5912d8c1de45a1e563e2d1b01d3d package.json declares a postinstall hook that runs canary.js, which issues an HTTP GET to bare IP 157.230.17.236 on port 80 with query parameters...

5.4AI score
Exploits0References1
CVE
CVE
added 2026/06/09 9:28 a.m.27 views

CVE-2026-4058

The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 4:6 a.m.18 views

EUVD-2026-35347

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS5.5AI score0.00322EPSS
Exploits0References1
Rows per page
Query Builder