Lucene search
+L

54 matches found

RedHat Linux
RedHat Linux
added 2026/07/08 9:17 p.m.11 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.14.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.14 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.14 images Red Hat Advanced Cluster Management for Kubernetes provides...

10CVSS7AI score0.025EPSS
Exploits27References42
Cvelist
Cvelist
added 2026/07/08 8:16 p.m.34 views

CVE-2026-58211 NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS0.00292EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.12 views

PT-2026-56537

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description An authenticated user with subscription deny permissions can bypass a plain subject deny rule by utilizing a queue...

6.5CVSS6.1AI score0.00463EPSS
Exploits0References13
OSV
OSV
added 2026/07/07 3:26 p.m.7 views

GO-2026-5869 Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher

Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/23 9:0 p.m.8 views

CVE-2026-50193

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if and only if the service reads deeply nested 1000s of levels JSON as JsonNode...

7.5CVSS5.8AI score0.00616EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.20 views

PT-2026-51594

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.13.0 through 2.13.x Description A potential Denial-of-Service exists when a service reads deeply nested JSON thousands of levels as a JsonNode using the readTree function of ObjectMapper and subsequently writes that...

7.5CVSS5.9AI score0.00616EPSS
Exploits1References12
Patchstack
Patchstack
added 2026/06/15 5:18 p.m.12 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm launch-editor versions = 2.14.0...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.14 views

SUSE CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

5.7AI score0.00272EPSS
Exploits1References3
OSV
OSV
added 2026/05/19 7:16 p.m.7 views

DEBIAN-CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/19 5:44 p.m.7 views

CVE-2026-33637 Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2)

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

5.7AI score0.00272EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.9 views

CVE-2026-42641

Server-Side Request Forgery SSRF vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through = 2.14...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:47 a.m.10 views

BIT-JRE-2026-23865

An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...

5.3CVSS7.3AI score0.00141EPSS
Exploits0References5
OSV
OSV
added 2026/04/29 9:23 p.m.50 views

GHSA-537J-GQPC-P7FQ n8n Vulnerable to XSS via MCP OAuth client

Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...

8.8CVSS6AI score0.00332EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/29 10:40 a.m.5 views

EUVD-2026-26212

Server-Side Request Forgery SSRF vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through = 2.14...

5.4CVSS5.1AI score0.00141EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 10:40 a.m.4 views

CVE-2026-42641

Server-Side Request Forgery SSRF vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through = 2.14...

5.4CVSS5.1AI score0.00141EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/25 1:56 a.m.9 views

[SECURITY] Fedora 44 Update: freetype-2.14.3-1.fc44

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

5.3AI score
Exploits0
OSV
OSV
added 2026/04/01 9:37 a.m.4 views

CLEANSTART-2026-PE63912 Security fixes for CVE-2021-3538, CVE-2025-29923, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.15.0-r0, 2.15.0-r1

Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.02307EPSS
Exploits3References30
Vulnrichment
Vulnrichment
added 2026/02/19 10:49 p.m.3 views

CVE-2026-26324 OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 which is 127.0.0.1. This could allow requests that should be blocked loopback / private network / link-local metada...

7.5CVSS5.5AI score0.00391EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/19 10:49 p.m.6 views

CVE-2026-26324

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 which is 127.0.0.1. This could allow requests that should be blocked loopback / private network / link-local metada...

7.5CVSS5.5AI score0.00391EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/02/09 8:30 p.m.11 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.6AI score0.00351EPSS
Exploits0
Rows per page
Query Builder