Lucene search
+L

1921 matches found

Amazon
Amazon
added 2026/04/14 12:0 a.m.14 views

Medium: amazon-ecr-credential-helper

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
ICS
ICS
added 2026/04/14 12:0 a.m.13 views

Siemens SCALANCE

SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...

9.1CVSS7.3AI score0.01373EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/04/12 1:0 a.m.4 views

CVE-2026-6108 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...

6.5CVSS6.3AI score0.0132EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.4 views

SUSE SLES12 Security Update : python-PyJWT (SUSE-SU-2026:1199-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1199-1 advisory. - CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Tenable has extracted the preceding description block directly fr...

7.5CVSS6AI score0.00269EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.5 views

Debian dla-4514 : gir1.2-gst-plugins-base-1.0 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4514 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4514-1 [email protected] https://www.debian.org/lts/security/...

7.8CVSS6.3AI score0.00867EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.7 views

PT-2026-28729

Name of the Vulnerable Software and Affected Versions elecV2 versions up to 3.8.3 Description A flaw exists in elecV2, specifically within the Endpoint component. Manipulation of the filename argument in a function related to the /logs file can lead to cross-site scripting. This issue is...

5.3CVSS5.1AI score0.00263EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/03/27 3:16 p.m.4 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.7AI score0.01929EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.6 views

PT-2026-28545

Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions 4.12.0 through 4.15.9 Description The Gematik Authenticator, used for secure user authentication in digital health applications, has a flaw on Mac OS systems. Opening a specially crafted file can lead to remote...

7.8CVSS6.1AI score0.00282EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/24 9:30 a.m.17 views

EUVD-2026-14786

Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message CVE-2026-27446 https://www.cve.org/CVERecord . Since KNIME Business Hub uses Apache Artemis it is also affected by the issue...

9.8CVSS5.9AI score0.10629EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 8:15 a.m.7 views

CVE-2026-4649

Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message CVE-2026-27446 https://www.cve.org/CVERecord . Since KNIME Business Hub uses Apache Artemis it is also affected by the issue...

9.8CVSS5.9AI score0.10629EPSS
Exploits1References2Affected Software1
ICS
ICS
added 2026/03/10 12:0 a.m.6 views

Siemens SICAM SIAPP SDK

SUMMARY The SICAM SIAPP SDK contains multiple vulnerabilities that could allow an attacker to disrupt the customer-developed SIAPP or its simulation environment. Potential impacts include denial of service within the SIAPP, corruption of SIAPP data, or exploit the simulation environment. These...

6.5AI score
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.8 views

Zoom Workplace VDI Client < 6.4.17 Vulnerability (ZSB-26005)

The version of Zoom Workplace VDI Client installed on the remote host is prior to 6.4.17. It is, therefore, affected by a vulnerability as referenced in the ZSB-26005 advisory. - External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an...

9.8CVSS5.9AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20292

Name of the Vulnerable Software and Affected Versions Rent Fetch plugin for WordPress versions up to and including 0.32.4 Description The Rent Fetch plugin for WordPress is susceptible to Stored Cross-Site Scripting through the keyword parameter. This is due to inadequate input sanitization and...

7.2CVSS5.7AI score0.00313EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.12 views

PT-2026-20265

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue exists that allows attackers to execute arbitrary code through the url parameter within the JDBC configuration. The affected component is the JDBC configuration. Recommendations Update to a newer...

8.8CVSS5.9AI score0.00478EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.15 views

PT-2026-7291

Name of the Vulnerable Software and Affected Versions Intel Ethernet Controller E810 firmware versions prior to 1.7.8.x Description An out-of-bounds write issue exists in the firmware of some Intel Ethernet Controller E810 devices. A local attacker with privileged user access and low complexity...

6.7CVSS5.4AI score0.00113EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.12 views

PT-2026-7302

Name of the Vulnerable Software and Affected Versions Intel Ethernet Network Adapter E810 versions prior to cvl fw 1.7.6, cpk 1.3.7 Description An out-of-bounds read issue exists in the firmware of certain Intel Ethernet Network Adapter E810 devices. A network-based attacker with authenticated...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.9 views

PT-2026-6938

Name of the Vulnerable Software and Affected Versions UTT HiPER 810 version 1.7.4-141218 Description A flaw exists in the rehttpd component of UTT HiPER 810. Specifically, the sub 4407D4 function within the /goform/formReleaseConnect file is susceptible to command injection. Manipulating the Isp...

8.6CVSS5.7AI score0.04239EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.9 views

PT-2026-6895

Name of the Vulnerable Software and Affected Versions MP-Ukagaka plugin for WordPress versions through 1.5.2 Description The MP-Ukagaka plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated...

6.1CVSS5.6AI score0.00264EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.10 views

PT-2026-6909

Name of the Vulnerable Software and Affected Versions PHPGurukul Beauty Parlour Management System version 1.1 Description A flaw exists in PHPGurukul Beauty Parlour Management System that allows for SQL injection. This issue is located in the /admin/accepted-appointment.php file. Manipulation of...

7.5CVSS5.5AI score0.00381EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.6 views

PT-2026-6557

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration Server versions 10.15 through IS 10.15 Core Fix2411.1 to IS 11.1 Core Fix8 Description IBM webMethods Integration Server may reveal sensitive user information within its server responses. Recommendations Update to a...

6.5CVSS5.4AI score0.00323EPSS
Exploits0References5
Rows per page
Query Builder