Lucene search
K

983 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.4 views

CVE-2026-31014

Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery CSRF. The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...

5.7AI score0.001EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.5 views

Fedora 43 : xorg-x11-server-Xwayland (2026-beff97a194)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-beff97a194 advisory. Update to xwayland 24.1.10, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003 Tenable has extracted the...

9.1CVSS5.9AI score0.00489EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.9 views

Security Updates for Windows Defender (April 2026)

The Antimalware Platform version of Microsoft Windows Defender installed on the remote Windows host is prior to 4.18.26030.3011. It is, therefore, affected by a privilege escalation vulnerability: - Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to...

7.8CVSS6.4AI score0.06749EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.6 views

Fedora 43 : webkitgtk (2026-431948187d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-431948187d advisory. Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering...

8.8CVSS7AI score0.00961EPSS
Exploits2References19
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.6 views

Fedora 43 : flatpak (2026-5286084b44)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5286084b44 advisory. Update to 1.16.6 Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg Tenable has extracted the preceding descripti...

10CVSS7.3AI score0.0168EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/10 5:22 p.m.4 views

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Impact A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and write...

6.8CVSS5.8AI score0.00394EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.10 views

PT-2026-33203

Name of the Vulnerable Software and Affected Versions Scribunto versions 1.45.0 through 1.45.1 Description A security issue exists in the Wikimedia Foundation Scribunto software. Recommendations Update to version 1.45.2...

2.3CVSS5.8AI score0.00228EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2026/04/02 12:0 a.m.8 views

Joomla! Access Control Vulnerability (20260301)

Joomla! is prone to an access control vulnerability. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.3CVSS5.7AI score0.00249EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.2 views

Fedora 43 : mingw-expat (2026-e70c1919fe)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e70c1919fe advisory. Update to 2.7.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

5.5CVSS6AI score0.00216EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.7 views

PT-2026-28448

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains a session sandbox escape issue within the session status tool. This allows sandboxed subagents to access session state belonging to parent or sibling sessions. An attacker...

9.2CVSS6AI score0.00101EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:25 p.m.2 views

CVE-2026-33875

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...

9.3CVSS5.9AI score0.00265EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:3 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2 which is vulnerable to CVE-2026-27205

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server...

4.3CVSS5.8AI score0.00374EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28548

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.664.0 Description Windmill, a developer platform for internal code including APIs, background jobs, workflows, and UIs, is affected by a code injection issue. Workspace environment variable values are interpolated...

8.6CVSS6AI score0.00378EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28618

Name of the Vulnerable Software and Affected Versions TigerVNC versions prior to 1.16.2 Description The software contains a flaw in the Image.cxx file within the x0vncserver component. Incorrect permissions allow other users to potentially observe or manipulate the screen content, or cause the...

9.8CVSS5.9AI score0.00247EPSS
Exploits0References58
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.22 views

PT-2026-28574

Name of the Vulnerable Software and Affected Versions Happy DOM versions 15.10.0 through 20.8.7 Description Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions 15.10.0 through 20.8.7 contain a code injection issue in the ECMAScriptModuleCompile...

8.8CVSS6.1AI score0.00788EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Fedora 44 : containernetworking-plugins (2026-d6b4b4df31)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d6b4b4df31 advisory. - Update to release v1.9.1 - Resolves: rhbz2448053, rhbz2423997, rhbz2424031 - Upstream fixes Tenable has extracted the preceding description block...

7.5CVSS7.4AI score0.00523EPSS
Exploits1References2
Nvidia
Nvidia
added 2026/03/24 12:0 a.m.7 views

Security Bulletin: NVIDIA Model Optimizer - March 2026

NVIDIA has released a software update for NVIDIA® Model Optimizer. To protect your system, clone or update this software to ModelOpt 0.41.0 Release or later from NVIDIA Github. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security...

7.8CVSS5.9AI score0.0021EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/23 8:43 p.m.5 views

Indico discloses local files resulting in Remote Code Execution through LaTeX injection

!NOTE If server-side LaTeX rendering is not in use ie XELATEXPATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

8.8CVSS6AI score0.00782EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/19 12:44 p.m.5 views

GHSA-Q382-VC8Q-7JHJ Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

The Go SDK recently transitioned to the segmentio/encoding library for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys with null Unicode characters appended at the end...

8.2CVSS5.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.4 views

Fedora 43 : python3.11 (2026-29658d2f4b)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-29658d2f4b advisory. Update to 3.11.15 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

6CVSS6.5AI score0.0055EPSS
Exploits0References5
Rows per page
Query Builder