Lucene search
+L

8099 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

RHEL 8 : ruby:2.5 (RHSA-2026:33514)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33514 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 p.m.16 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.10

Red Hat OpenShift Service Mesh 3.1.10 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

7.5CVSS6.8AI score0.00813EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 1:36 p.m.9 views

EUVD-2026-40112

Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

6.5CVSS5.8AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.8 views

EUVD-2026-40103

Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...

7.1CVSS5.8AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-434 Remote unauthenticated attackers able to upload files in Onionshare

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality...

9.8CVSS7.2AI score0.0232EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-515 Ray Path Traversal vulnerability

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.3CVSS7AI score0.81512EPSS
Exploits22References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-261 NASA AIT-Core vulnerable to remote code execution

An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...

9.2CVSS6.1AI score0.00428EPSS
Exploits1References6
NVD
NVD
added 2026/06/29 9:16 a.m.12 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5CVSS0.00383EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:15 a.m.7 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5CVSS5.5AI score0.00383EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:45 a.m.8 views

CVE-2026-13544

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/29 6:45 a.m.40 views

CVE-2026-13544 Feehi CMS API users access control

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS0.00214EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 5:40 a.m.5 views

BIT-ENVOY-2026-47692 Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in th...

4.8CVSS5.8AI score0.00218EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/29 12:0 a.m.10 views

Medium: ecs-init

Issue Overview: Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL...

5.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.11 views

The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers allow attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the ngxhttpproxyv2module and ngxhttpgrpcmodule modules in NGINX Plus and NGINX Open Source web servers stems from the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service...

8.1CVSS6.8AI score0.03552EPSS
Exploits1References3Affected Software11
NVD
NVD
added 2026/06/28 12:17 p.m.10 views

CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS0.00228EPSS
Exploits0References7
NVD
NVD
added 2026/06/28 12:17 p.m.11 views

CVE-2026-13491

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS0.00411EPSS
Exploits0References8
CVE
CVE
added 2026/06/28 10:45 a.m.16 views

CVE-2026-13489

The CVE-2026-13489 entry describes a vulnerability in 78 xiaozhi-esp32

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.15 views

PT-2026-53102

Name of the Vulnerable Software and Affected Versions xiaozhi-esp32 versions prior to 2.2.7 Description A weakness in the MCP Response Handler component allows for improper synchronization. This issue occurs within the ParseMessage function located in the main/mcp server.cc file. Remote...

3.1CVSS5.7AI score0.00228EPSS
Exploits0References12
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: util-linux-2.41.5-1.fc43

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/06/26 11:0 p.m.14 views

EUVD-2026-36599

Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References2
Rows per page
Query Builder