Lucene search
K

1265 matches found

ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score
Exploits0References2Affected Software3
Cvelist
Cvelist
added yesterday6 views

CVE-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

Exploits0References1
OSV
OSV
added 2 days ago4 views

DEBIAN-CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

9.1CVSS5.7AI score0.00174EPSS
Exploits0References1
OSV
OSV
added 2 days ago3 views

DEBIAN-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.00165EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago14 views

Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS

Adminer = 5.4.1 contains a denial of service caused by lack of origin validation in version check endpoint, letting attackers trigger server errors via crafted POST requests, exploit requires no special privileges. id: CVE-2026-25892 info: name: Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent Do...

7.5CVSS5.8AI score0.01586EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 3 days ago8 views

Fedora 43 : dotnet9.0 (2026-2954cd11bd)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2954cd11bd advisory. Update to .NET SDK 9.0.118 and Runtime 9.0.17 Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591 Release Notes: - SDK:...

7.8CVSS7.2AI score0.0243EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-39627

The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago7 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

9.8CVSS6.1AI score0.00563EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/19 8:47 p.m.8 views

Wrap-around Error

Overview Affected versions of this package are vulnerable to Wrap-around Error in ReentrantReadWriteLock that causes incorrect write locks. An attacker can cause a thread to incorrectly obtain a write lock without exclusivity by repeatedly acquiring the read lock 32,768 times, which overflows the...

5.5CVSS5.9AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:21 p.m.5 views

Symlink Attack

Overview py7zr is a Pure python 7-zip library Affected versions of this package are vulnerable to Symlink Attack in the extractall method. An attacker can overwrite arbitrary files on the host system by crafting malicious archives containing symbolic link chains that escape the intended extractio...

8.6CVSS6.3AI score0.00404EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 2:16 p.m.9 views

CVE-2026-47339

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

8.1CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:7 p.m.27 views

CVE-2026-39999 Apache APISIX: JWT Algorithm Confusion allows authentication bypass

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

7CVSS0.00386EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Tomcat9

The issue involves a vulnerability in the generation of error messages containing sensitive information in Apache Tomcat. This issue affects Apache Tomcat versions starting from 8.5.7 through 8.5.63, and from 9.0.0-M11 through 9.0.43. Other, end-of-life versions may also be affected. It is...

5.3CVSS7.1AI score0.14286EPSS
Exploits3References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Tomcat9

The “Allocation of Resources Without Limits or Throttling” vulnerability in Apache Tomcat exists. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105. The following versions were already at the end of their...

7.5CVSS6.7AI score0.53228EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Tomcat9

A Session Fixation vulnerability exists in Apache Tomcat through the rewrite valve. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105. Older, end-of-life versions may also be affected. Users are recommended ...

6.5CVSS5.3AI score0.00775EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in abseil

There exists a heap buffer overflow vulnerability in Abseil-cpp. The constructor methods reserve and rehash, which are used to manage the size of the container’s backing store, do not impose an upper limit on the size of these methods’ arguments. As a result, a caller could pass a very large size...

9.8CVSS6.4AI score0.00563EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 6:35 p.m.7 views

Unsafe Dependency Resolution

Overview @theia/ai-ide is an AI IDE Agents Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 6:35 p.m.4 views

Unsafe Dependency Resolution

Overview @theia/ai-editor is a Theia - AI Editor Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 2:28 p.m.9 views

EUVD-2026-37752

undici WebSocket client vulnerable to denial of service via cumulative fragment bypass...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/17 6:22 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and exhaust system...

8.7CVSS5.9AI score0.0057EPSS
Exploits0References2
Rows per page
Query Builder