Lucene search
+L

5050 matches found

CVE
CVE
added 5 days ago11 views

CVE-2026-12707

CVE-2026-12707 affects Cloudflare quiche. After QUIC handshakes, an attacker can trigger unbounded queuing of PathEvent::ReusedSourceConnectionId during rapid source address migration, causing memory resource exhaustion. Affected component is quiche’s PathEvents collection (path_event_next() drai...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 5 days ago4 views

SUSE-SU-2026:2976-1 Security update for afterburn

This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...

9.3CVSS6.2AI score0.00559EPSS
Exploits1References19
CVE
CVE
added 6 days ago23 views

CVE-2026-58065

The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 6 days ago6 views

Important: Red Hat Security Advisory: go-toolset:rhel8 security, bug fix, and enhancement update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS6.2AI score0.00939EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-53538

A flaw was found in Python-Multipart, a tool used for processing web form data. A remote attacker could exploit a vulnerability where the software incorrectly interprets certain characters as separators in web form data. This difference in interpretation compared to standard web practices allows ...

4.8CVSS6.1AI score0.00176EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-57680

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS6.1AI score0.00502EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

RHEL 8 : go-toolset:rhel8 (RHSA-2026:38995)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:38995 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes:...

9.6CVSS5.9AI score0.00939EPSS
Exploits0References9
NVD
NVD
added 2026/07/12 9:16 a.m.7 views

CVE-2026-15488

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS0.00291EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/12 8:45 a.m.6 views

EUVD-2026-43210

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References7
CVE
CVE
added 2026/07/12 8:45 a.m.16 views

CVE-2026-15488

The CVE affects hcr707305003 shiroiAdmin versions 1.1/1.3 where FileController.php (FileController::upload) can be manipulated to trigger an unrestricted file upload. This could be exploited remotely. A public exploit exists. Upgrade to version 1.4 to address the issue (patch 3ecde28ea8a20a3840db...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References7
OPENSUSE Linux
OPENSUSE Linux
added 2026/07/12 12:0 a.m.5 views

Security update for perl-CGI-Session (moderate)

openSUSE Security Update: Security update for perl-CGI-Session Announcement ID: openSUSE-SU-2026:0240-1 Rating: moderate References: 1269983 Cross-References: CVE-2026-56016 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

5.9CVSS5.3AI score0.00322EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/10 8:32 p.m.5 views

Missing Authorization

Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Missing Authorization in the OAuth2 Token Exchange process. An attacker can gain elevated permissions by exchanging a low-privilege token for higher...

8.6CVSS6.1AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/10 8:31 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the assetid field in the API update process. An attacker can gain unauthorized access to assets outside their company...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/10 7:16 a.m.6 views

CVE-2026-40452

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS6.1AI score0.00256EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/10 7:15 a.m.31 views

CVE-2026-40009 Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 7:12 a.m.10 views

EUVD-2026-42835

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/07/10 4:0 a.m.4 views

CVE-2026-15330 zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

6.9CVSS6.5AI score0.00352EPSS
Exploits0References11
Snyk
Snyk
added 2026/07/08 10:39 p.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via improper validation of input in the --write-link, --write-url-link,...

9CVSS6.3AI score0.0064EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 10:39 p.m.5 views

Improper Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...

7.1CVSS6.1AI score0.00463EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 10:39 p.m.4 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the serve...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
Rows per page
Query Builder