Lucene search
K

19064 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 5:57 p.m.3 views

Security Bulletin:IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

9.8CVSS6.8AI score0.00488EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 4:5 p.m.3 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...

9.8CVSS5.8AI score0.00409EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.16 views

Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload

Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files, exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...

9.8CVSS7.5AI score0.97107EPSS
Exploits15References4
CVE
CVE
added 2026/06/23 12:53 a.m.42 views

CVE-2026-11833

CVE-2026-11833 affects FAST/TOOLS (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04 and CI Server (all packages) from R1.01 to R1.04. The web server may return a response containing CI Server setting information, which could be exploited by an attacker for other attacks. The CVSS4 scor...

8.2CVSS5.7AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 12:0 a.m.3 views

ALSA-2026:28212 Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References4
NVD
NVD
added 2026/06/22 11:16 p.m.9 views

CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.01014EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/22 9:57 p.m.73 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.01014EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 9:57 p.m.3 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.11471EPSS
Exploits9References12
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6AI score0.00393EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.7 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS6.8AI score0.01325EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22319-1 Security update for dnsdist

This update for dnsdist fixes the following issues - CVE-2026-0396: crafted DNS queries can allow to inject HTML content bsc1261236. - CVE-2026-0397: CORS misconfiguration can lead to information disclosure bsc1261237. - CVE-2026-24028: crafted DNS response packet can lead to an out-of-bounds rea...

9.1CVSS5.8AI score0.01073EPSS
Exploits0References37
Cvelist
Cvelist
added 2026/06/22 2:16 p.m.33 views

CVE-2026-8858 WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted...

7.5CVSS0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:16 p.m.7 views

EUVD-2026-38284

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the applicatio...

7.5CVSS6.5AI score0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 2:16 p.m.27 views

CVE-2016-20086 Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackupwebServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem...

8.5CVSS0.00114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server 2.4.52 and earlier fail to close inbound connections when errors occur during the discarding of the request body, exposing the server to HTTP Request Smuggling attacks...

9.8CVSS7.1AI score0.28189EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in JRuby

In Ruby, WEBrick::HTTPAuth::DigestAuth from versions 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 causes a denial-of-service attack due to a regular expression issue related to looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the internet or a trusted...

7.8CVSS6.8AI score0.05128EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.16 views

Astra Linux – Vulnerability in mod-wsgi

A vulnerability was discovered in modwsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...

7.5CVSS6.8AI score0.0069EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/19 1:52 a.m.9 views

SUSE CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

8.1CVSS6.3AI score0.03225EPSS
Exploits3References3
OSV
OSV
added 2026/06/19 12:0 a.m.4 views

UBUNTU-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.02838EPSS
Exploits1References4
Rows per page
Query Builder