Lucene search
K

3524 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2 hours ago5 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer...

9.1CVSS7.5AI score0.02667EPSS
Exploits2Affected Software1
Nuclei
Nuclei
added 14 hours ago32 views

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...

10CVSS6.5AI score0.1438EPSS
Exploits3References2
CVE
CVE
added 6 days ago36 views

CVE-2026-54782

CVE-2026-54782 affects CoreWCF (CoreWCF.Primitives and related token validation path) where SAML 1.1/2.0 token validation fails to resolve the issuer signing key when IdentityConfiguration is used with federated bindings, allowing unauthenticated impersonation. Affected versions: prior to 1.8.1 a...

10CVSS6AI score0.00246EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 3:23 p.m.8 views

BIT-LIBPYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.7AI score0.00562EPSS
Exploits0References11
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-952 Incomplete validation in signal ops leads to crashes in TensorFlow

Impact The tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274. The fix will be...

5.5CVSS6.1AI score0.0031EPSS
Exploits1References12
CVE
CVE
added 2026/07/01 10:21 p.m.36 views

CVE-2026-14411

CVE-2026-14411 describes insufficient validation of untrusted input in ANGLE used by Google Chrome, prior to build 150.0.7871.46. The issue may allow a remote attacker to cause a sandbox escape via a crafted HTML page. Documented impact is a high-severity, likely remote threat affecting ANGLE int...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40742

Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00253EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13999

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2026-13816

Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.24 views

CVE-2026-14136

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.26 views

CVE-2026-14083

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.28 views

CVE-2026-13955

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. Chromium security severity: Medium...

0.00111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54203

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to bypass navigation restrictions by using a crafte...

9.8CVSS6AI score0.00413EPSS
Exploits0References445
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 1:4 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892

Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

9.8CVSS6.2AI score0.00652EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/26 12:5 p.m.9 views

RLSA-2026:29195 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

RockyLinux 9 : runc (RLSA-2026:29702)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29702 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References7
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.8CVSS0.00064EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:8 p.m.23 views

CVE-2026-57536

CVE-2026-57536 affects the pretix-mollie payment integration, where payment status responses are not properly validated. An attacker could reuse a successful payment status from one payment and apply it to a different payment, potentially gaining access to multiple valid tickets with a single pay...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:59 p.m.8 views

CVE-2026-42388

Incomplete validation of the SOA record present in a catalog zone might lead to a crash...

5.9CVSS5.8AI score0.004EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52146

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURASDevice JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References8
Rows per page
Query Builder