Lucene search
K

4453 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49529

Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.7 i18next-fs-backend versions 2.6.5 and earlier Description The missingKeyHandler in i18next-http-middleware fails to reject dotted variants of restricted keys, such as proto .polluted, while only...

9.1CVSS5.3AI score0.00419EPSS
Exploits0References9
OSV
OSV
added 2026/06/13 8:44 a.m.10 views

BIT-MARIADB-MIN-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.5AI score0.00998EPSS
Exploits0References13
Snyk
Snyk
added 2026/06/13 6:7 a.m.3 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go‎ that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 11:8 p.m.7 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the native command handling process. An attacker can gain unauthorized access to privileged operations by sending crafted commands that bypass the configured...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References2
Debian
Debian
added 2026/06/12 6:50 p.m.7 views

[SECURITY] [DSA 6343-1] librabbitmq security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6343-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2026 https://www.debian.org/security/faq -...

5.8AI score
Exploits0
Atlassian
Atlassian
added 2026/06/12 1:31 p.m.7 views

Information Disclosure org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center

This High severity Information Disclosure vulnerability was introduced in versions 9.12.1, 9.15.2, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Information Disclosure vulnerability, with a CVS...

7.5CVSS5.2AI score0.00447EPSS
Exploits0
OSV
OSV
added 2026/06/12 12:26 p.m.11 views

OESA-2026-2662 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: When calculating the...

8.7CVSS5.7AI score0.00172EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 11:10 a.m.7 views

Authentication Bypass by Alternate Name

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the JwtAccessTokenValidator class. An attacker can gain unauthorized access to protected resources by replaying a JWT access...

9.1CVSS5.3AI score0.00418EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:2 a.m.29 views

CVE-2026-50633 Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...

0.00782EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/11 9:13 p.m.4 views

Incorrect Privilege Assignment

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the incorrect assignment of owner-scoped MCP loopback authority to hook-triggered agent processes. An attacker can perform unauthorized privileged...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/06/11 5:30 p.m.12 views

SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center

This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of...

8.6CVSS5.3AI score0.00921EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.6 views

Debian dsa-6339 : libinput-bin - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6339 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6339-1 [email protected] https://www.debian.org/security/...

9.8CVSS5.3AI score0.00498EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 11:16 p.m.8 views

CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

8.8CVSS0.00635EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 11:16 p.m.10 views

CVE-2026-42558

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...

7.6CVSS0.0011EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 11:12 p.m.9 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.6 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.3CVSS5.5AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.5 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.5AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.5AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Rows per page
Query Builder