Lucene search
+L

4262 matches found

Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56667

Name of the Vulnerable Software and Affected Versions Drupal Clean RESTful versions . Description A security issue exists in Drupal Clean RESTful. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

6.1AI score0.00392EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56666

Name of the Vulnerable Software and Affected Versions Drupal Raw Formatter Meta Tag Formatter affected versions not specified Description A security issue exists in the Drupal Raw Formatter Meta Tag Formatter module. Recommendations At the moment, there is no information about a newer version tha...

6.1AI score0.00414EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1843 pyspider Cross-site Scripting vulnerability

pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS5.9AI score0.00403EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1017 TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`

Impact If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf filename = tf.constant"" tensornames = tf.constant"" Save data = tf.casttf.random.uniformshape=1,...

5.9CVSS6.9AI score0.00396EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 a.m.9 views

CVE-2026-4321

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

9.8CVSS6AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55521

Name of the Vulnerable Software and Affected Versions Destekz versions through 02062026 Description Improper neutralization of input during web page generation allows Reflected Cross-Site Scripting XSS, a flaw where malicious scripts are reflected off a web application to the victim's browser...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55520

Name of the Vulnerable Software and Affected Versions Destekz versions through 02062026 Description An SQL injection issue exists where user input is passed into database queries without proper sanitization. This allows a remote, unauthenticated attacker to inject arbitrary SQL commands over the...

9.8CVSS6.1AI score0.00266EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS0.00078EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:55 a.m.29 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:52 a.m.21 views

CVE-2026-10540

CVE-2026-10540 affects Control-M/Enterprise Manager (unsupported versions 9.0.20.x and potentially earlier). The vulnerability stems from weak protections for stored password hashes, potentially allowing offline password recovery if credential data is obtained. The CVSS metrics indicate a Local a...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:52 a.m.9 views

CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 7:52 a.m.9 views

EUVD-2026-40933

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:52 a.m.40 views

CVE-2026-10540 Weak password hash protection in Control-M/Entreprise Manager

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS0.00078EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:36 a.m.33 views

CVE-2026-8402 SQLi in Exagate's SYSGUARD 6001

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was...

9.8CVSS0.00321EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:7 a.m.3 views

SUSE-SU-2026:22454-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues Update to 2.93: - CVE-2026-12725: heap buffer overflow in logquery when logging unsupported DS/DNSKEY replies bsc1268764...

7.5CVSS6.2AI score0.00754EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/29 10:23 p.m.12 views

Improper Authorization

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default servlet when certain HTTP methods or...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 1:15 a.m.14 views

CVE-2026-13522

Investintech SlimPDFReader up to version 2.0.14 is affected by an out-of-bounds read in SlimPDFReader.exe (PDF File Handler). The vulnerable component is the function Investintech::PCV::TeighaDo+0x25cde0 inside SlimPDFReader.exe. A manipulation can trigger the out-of-bounds read, and the issue ca...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 1:15 a.m.41 views

CVE-2026-13522 Investintech SlimPDFReader PDF File SlimPDFReader.exe TeighaDo+0x25cde0 out-of-bounds

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is...

5.3CVSS0.00293EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 3:50 p.m.9 views

CVE-2026-53038

A flaw was found in the Linux kernel's Integrity Measurement Architecture IMA subsystem. When handling unsupported Trusted Platform Module TPM hash algorithms, the imafs component incorrectly accesses a hash algorithm name array, leading to a read out-of-bounds. This vulnerability could allow a...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 3:27 p.m.4 views

DRUPAL-CONTRIB-2026-064

The Tealium iQ Tag Management module provides Drupal integration with Tealium iQ. tealiumiq stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an Object Injection vulnerability when the data are unserialized. This...

8.1CVSS5.8AI score0.00423EPSS
Exploits0References1
Rows per page
Query Builder