Lucene search
K

1630 matches found

EUVD
EUVD
added 2026/04/09 9:31 p.m.4 views

EUVD-2026-21053

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

5.8AI score0.00461EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.16 views

Apache Tomcat: CLIENT_CERT authentication does not fail as expected

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References10Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 7:36 p.m.2 views

CVE-2026-34487 Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...

5.8AI score0.00447EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/08 7:14 p.m.7 views

io.quarkiverse.docling:quarkus-docling (>=0.0.1 <=0.0.4), io.quarkiverse.docling:quarkus-docling-deployment (>=0.0.1 <=0.0.4) +112 more potentially affected by CVE-2026-40180 via io.quarkiverse.openapi.generator:quarkus-openapi-generator (>=0.1.0 <=2.16.0-lts)

io.quarkiverse.openapi.generator:quarkus-openapi-generator MAVEN version =0.1.0, =0.0.1, =0.0.1, =0.1.0, =2.10.0, =0.4.0, =2.10.0, =2.16.0-lts - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel =10.2.0 - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel-deployment =10.2.0 -...

8.7CVSS5.4AI score0.00387EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30510

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before BK000763BAA BK000765B...

8.1CVSS6AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.13 views

External Control of System or Configuration Setting

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the handling of the .env configuration file, which allows the override of the OPENCLAWBUNDLEDHOOKSDIR environment variable. An...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References2
Debian
Debian
added 2026/04/01 10:46 a.m.11 views

[SECURITY] [DLA 4520-1] python-tornado security update

Debian LTS Advisory DLA-4520-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert April 01, 2026 https://wiki.debian.org/LTS Package : python-tornado Version : 6.1.0-1+deb11u4 CVE ID : CVE-2026-31958 Debian Bug : 1130507 1132367 Tornado is a scalable, non-blocking...

8.7CVSS5.7AI score0.00375EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.7 views

RHEL 9 : OpenShift Container Platform 4.19.27 (RHSA-2026:5876)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5876 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

10CVSS6.8AI score0.00765EPSS
Exploits1References7
OSV
OSV
added 2026/03/27 6:6 p.m.3 views

GHSA-3C7F-5HGJ-H279 n8n has XSS in Chat Trigger Node through Custom CSS

Impact An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References2
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Important: tomcat9

Issue Overview: mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...

9.1CVSS6.9AI score0.00498EPSS
Exploits0
NVD
NVD
added 2026/03/26 6:16 p.m.6 views

CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

6.5CVSS0.00233EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4168

A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tceeditgroup.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly...

4.8CVSS4AI score0.00273EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.5 views

RHEL 8 / 9 : OpenShift Container Platform 4.14.63 (RHSA-2026:5086)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5086 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

4.3CVSS7.2AI score0.00419EPSS
Exploits0References5
CVE
CVE
added 2026/03/25 9:44 p.m.9 views

CVE-2026-4823

CVE-2026-4823 concerns Enter Software Iperius Backup (≤ 8.7.3). The issue affects an unspecified function in the NTLM2 Handler component, enabling an information disclosure under local execution. The attack surface is limited to local access, with high attack complexity and a low overall risk sco...

2.5CVSS5.1AI score0.00131EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/25 9:8 p.m.4 views

EUVD-2026-15943

n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition...

8.5CVSS5.8AI score0.00392EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/25 9:8 p.m.8 views

n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition

Impact An authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth, httpHeaderAuth, httpQueryAuth belonging to other users on the same instance. The attack abuses a...

8.5CVSS6AI score0.00392EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27896

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags - a field tagged json:"method" would also match "Method", "METHOD", etc...

7CVSS5.8AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-28078

n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...

8.8CVSS5.8AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-28082

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.23 n8n versions prior to 2.6.4 Description An authenticated user lacking the necessary permissions could access secrets stored in connected vaults by referencing them by name when saving credentials. This bypasses t...

7.3CVSS5.8AI score0.0026EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28072

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References4
Rows per page
Query Builder