Lucene search
+L

157 matches found

Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.15 views

PT-2026-32439

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.9 views

Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References12Affected Software2
Snyk
Snyk
added 2026/04/07 4:13 p.m.2 views

Missing Authorization

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Missing Authorization in the admin changelist forms using ModelAdmin.listeditable. An attacker can gain unauthorized access to...

5.3CVSS5.9AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30827

Name of the Vulnerable Software and Affected Versions Apache Kafka versions 3.9.1 and earlier, 4.0.1 and earlier, and 4.1.1 and earlier Description A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References81
ATTACKERKB
ATTACKERKB
added 2026/04/02 3:55 p.m.4 views

CVE-2025-65114

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

5.8AI score0.00428EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/01 10:7 a.m.5 views

CLEANSTART-2026-FQ05951 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-27141, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-p436-gjf2-799p, ghsa-p84v-gxvw-73pf applied in versions: 3.6.13-r0, 3.6.15-r1, 3.6.18-r0, 3.6.19-r0, 3.6.19-r1, 3.7.0-r0, 3.7.3-r0

Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

8.8CVSS6.8AI score0.0058EPSS
Exploits1References27
Snyk
Snyk
added 2026/03/11 4:38 a.m.3 views

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report:This vulnerability could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...

8.7CVSS5.8AI score0.0056EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/11 4:38 a.m.3 views

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report:This vulnerability could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...

4.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.14 views

PT-2026-21791

Name of the Vulnerable Software and Affected Versions Mautic versions prior to 4.4.19 Mautic versions prior to 5.2.10 Mautic versions prior to 6.0.8 Mautic versions prior to 7.0.1 Description A SQL injection issue exists in the API endpoint used for retrieving contact activities. The vulnerabilit...

8.8CVSS5.7AI score0.00289EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/02/23 1:32 p.m.7 views

CVE-2025-65995

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

6.5CVSS5.2AI score0.00801EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/02/04 12:46 p.m.4 views

Security update for rekor

This update for rekor fixes the following issues: Security fixes: CVE-2025-58058: Fixed github.com/ulikunitz/xz leaks memory bsc1248910 CVE-2025-29923: Fixed potential out of order responses when CLIENT SETINFO times out during connection establishment bsc1241153 Other fixes: Update to version...

6.9CVSS6AI score0.00694EPSS
Exploits0References10
Snyk
Snyk
added 2026/02/03 11:48 a.m.5 views

Open Redirect

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Open Redirect via insufficient validation of redirect parameters in the OAuth login flow. An attacker can redirect authenticated users to malicious sites by crafting a specially designed URL...

6.1CVSS5.5AI score0.00226EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/01/21 9:32 a.m.3 views

Security update for postgresql17, postgresql18

This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: Fix build with uring for post SLE15 code streams. Update to 18.1: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/18.1/ bsc1253332, CVE-2025-12817: Missing check f...

8.8CVSS5.8AI score0.00332EPSS
Exploits0References8
OSV
OSV
added 2026/01/15 9:23 a.m.4 views

SUSE-SU-2026:20357-1 Security update for elemental-toolkit, elemental-operator

This update for elemental-toolkit, elemental-operator fixes the following issues: elemental-operator: - Update to v1.7.4: Bump github.com/rancher-sandbox/go-tpm and its dependencies This bump includes few CVE fixes: bsc1241826 CVE-2025-22872 bsc1241857 CVE-2025-22872 bsc1251511 CVE-2025-47911...

7.5CVSS6.8AI score0.00632EPSS
Exploits2References14
Atlassian
Atlassian
added 2026/01/14 6:28 p.m.19 views

File Inclusion tar-fs Dependency in Confluence Data Center and Server

This High severity File Inclusion vulnerability known as CVE-2025-59343 was introduced in version 7.19 of Confluence Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N allows an...

8.7CVSS5.6AI score0.00516EPSS
Exploits0
NVD
NVD
added 2026/01/14 12:16 p.m.6 views

CVE-2025-66169

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...

5.3CVSS0.00613EPSS
Exploits0References2
OSV
OSV
added 2026/01/14 11:45 a.m.6 views

CVE-2025-66169 Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...

5.3CVSS5.9AI score0.00613EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.10 views

PT-2026-2216

Name of the Vulnerable Software and Affected Versions Ghost versions 5.105.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in Ghost’s 2FA mechanism permits staff users to bypass email 2FA. The issue affects the two-factor...

8.1CVSS6.6AI score0.00367EPSS
Exploits0References11
CVE
CVE
added 2026/01/02 8:32 a.m.19 views

CVE-2025-15437

LigeroSmart (up to 6.1.24) has a cross-site scripting vulnerability in the Environment Variable Handler, triggered by manipulation of the REQUEST_URI argument. The attack can be initiated remotely and an exploit has been publicly disclosed. Remediation: upgrade to LigeroSmart 6.1.26 or 6.3; patch...

5.4CVSS3.5AI score0.00242EPSS
Exploits1References8Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.6 views

CVE-2025-68113

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

6.5CVSS6.7AI score0.00272EPSS
Exploits0References1
Rows per page
Query Builder