Lucene search
K

1615 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 2:0 p.m.7 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205

Summary IBM Maximo Scheduler Optimizer uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server gateway interface WSGI web...

4.3CVSS5.8AI score0.00374EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 2:38 a.m.13 views

Talos Linux has a local privilege escalation from untrusted workloads

Summary A vulnerability in the Linux kernel's algifaead subsystem CVE-2026-31431, "copy.fail" allows an unprivileged container workload to corrupt arbitrary file page-cache pages via the AFALG crypto interface and splice. On Talos Linux, this vulnerability can be chained into a complete node...

7.8CVSS8AI score0.96775EPSS
Exploits228References6Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/06 7:32 p.m.7 views

@cedarjs/api-server (>=1.0.0-canary.12863 <=9.0.0-canary.1784), @cedarjs/cli (>=1.0.0-canary.12863 <=9.0.0-canary.1784) +12 more potentially affected by CVE-2026-23870 via react-server-dom-webpack (>=19.2.1 <=19.2.4)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =3.0.0-canary.13429, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

7.5CVSS5.8AI score0.01533EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/06 6:0 p.m.30 views

CVE-2026-8031 PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication

A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The...

6.9CVSS0.00394EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 3:32 p.m.8 views

EUVD-2026-27832

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.3CVSS5.2AI score0.00401EPSS
Exploits1References5
CVE
CVE
added 2026/05/06 1:45 p.m.14 views

CVE-2026-8027

Technical details for CVE-2026-8027 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.6AI score0.00293EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.5 views

Debian dla-4566 : openjdk-11-dbg - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4566 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4566-1 [email protected]...

7.5CVSS5.9AI score0.00702EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7603

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

6.5CVSS6.2AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-7602

A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be performed from...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 5:30 a.m.18 views

CVE-2026-7736

The vulnerability CVE-2026-7736 affects osrg GoBGP up to version 4.3.0, specifically the parseRibEntry function in pkg/packet/mrt/mrt.go. The technical issue is an integer underflow triggered by manipulation, with remote exploit potential. A fix is available in GoBGP 4.4.0 (commit 76d911046344a39...

7.5CVSS6.9AI score0.00454EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 3:31 a.m.11 views

Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

5CVSS5.1AI score0.0025EPSS
Exploits0References11Affected Software1
EUVD
EUVD
added 2026/05/04 2:45 a.m.14 views

EUVD-2026-26879

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

5CVSS5.1AI score0.0025EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/03 4:45 p.m.35 views

EUVD-2026-26842

A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3...

5.3CVSS5.2AI score0.00381EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/03 7:30 a.m.41 views

CVE-2026-7686 eyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access control

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the...

6.9CVSS0.00297EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.10 views

PT-2026-36689

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the...

6.9CVSS5.7AI score0.00297EPSS
Exploits0References6
NVD
NVD
added 2026/05/02 7:16 a.m.3 views

CVE-2026-7605

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

6.5CVSS0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/02 6:15 a.m.4 views

CVE-2026-7605

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/02 6:15 a.m.4 views

EUVD-2026-26753

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

6.5CVSS5.5AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/02 4:45 a.m.5 views

EUVD-2026-26739

A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/05/02 4:45 a.m.14 views

CVE-2026-7604

JeecgBoot up to 3.9.1 is affected by a server-side request forgery in the OpenApi Service, specifically through OpenApiController.add/OpenApiController.call in OpenApiController.java. The vulnerability arises from manipulating the originUrl in the database, enabling remote exploitation. An exploi...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References6
Rows per page
Query Builder