Lucene search
K

4639 matches found

CVE
CVE
added 2026/07/01 7:55 a.m.25 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53945 Ghost: Server-side request forgery via DNS rebinding in external request handling

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...

4CVSS5.8AI score0.0014EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:5 p.m.15 views

CVE-2026-54696

CVE-2026-54696 affects the Ruby JSON gem, specifically versions 2.9.0 through 2.19.8. The issue is a heap buffer overflow that occurs when the JSON generator handles an oversized streamed object written via JSON.dump(obj, io) or JSON::State#generate(obj, io). If a streamed object contains an atta...

3.7CVSS6AI score0.00301EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:53 p.m.38 views

CVE-2026-10560 Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

8.2CVSS0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:43 p.m.39 views

CVE-2026-11806 IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerability

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...

7.2CVSS0.00472EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:43 p.m.6 views

EUVD-2026-40394

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...

7.2CVSS5.9AI score0.00472EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:15 p.m.6 views

EUVD-2026-40383

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields...

9.8CVSS6.4AI score0.00357EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:14 p.m.20 views

CVE-2026-7871

CVE-2026-7871 affects IBM Langflow OSS 1.0.0–1.10.0. A deserialization flaw in the Redis cache backend allows attackers with Redis access to execute arbitrary code with full application privileges, compromising secrets, data, and system integrity. IBM notes the issue arises from unsafe deserializ...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 7:11 p.m.7 views

EUVD-2026-40380

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/30 5:20 p.m.4 views

Security Bulletin: IBM WebSphere eXtreme Scale's OQL is affected by remote code execution

Summary IBM WebSphere eXtremes Scale's OQL is affected by remote code execution CVE-2026-13772 Vulnerability Details CVEID:CVE-2026-13772 DESCRIPTION: WebSphere eXtreme Scale's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors wit...

9.9CVSS6.6AI score0.00283EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53948

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Users with access to Redis can execute arbitrary code with full application privileges. This allows for the compromise of all secrets, data, and system integrity. Recommendations At th...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 11:16 p.m.11 views

CVE-2026-8023

Zephyr's HTTP server subsys/net/lib/http provides a static-filesystem resource type HTTPRESOURCETYPESTATICFS, available when CONFIGFILESYSTEM is enabled that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled...

7.5CVSS0.00912EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 8:13 p.m.7 views

Security Bulletin: Flow Validation Bypass via Empty Component Type Field

Summary A vulnerability in flow validation logic allowed attackers to bypass custom component restrictions by submitting flow nodes with empty or missing type fields. When custom components were disabled, the validator silently skipped nodes lacking a type value instead of blocking them, enabling...

9.8CVSS6.4AI score0.00357EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/29 2:4 p.m.44 views

CVE-2026-55607

CVE-2026-55607 affects Claude Code 2.1.38–2.1.163; worktree handling allowed creation of ".git" worktrees and navigation outside the sandbox, enabling git directory confusion. Exploit via symlink manipulation and git fsmonitor during worktree operations could overwrite home-dir files (e.g., .zshe...

8.8CVSS6.3AI score0.00765EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53745

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : python-pillow (EulerOS-SA-2026-2461)

According to the versions of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP- compressed data read when decoding a...

8.7CVSS7.2AI score0.00671EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 9:53 p.m.15 views

EUVD-2026-31686

Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.16 views

Curl 8.18.0 < 8.21.0 QUIC Zero-Length UDP Datagrams DoS

The version of curl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service by continuously streaming empty...

7.5CVSS6.3AI score0.0101EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 5:17 p.m.3 views

ALPINE-CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
Rows per page
Query Builder