Lucene search
K

3317 matches found

NVD
NVD
added 2026/04/22 12:16 a.m.6 views

CVE-2026-41126

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

4.3CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34554

Impact HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to assert eq!history.len, positions.len. The proof object is derived from untrusted p2p responses ResponseTransactionsProof.proof and is therefore attacker-controlled at the network boundary until...

3.1CVSS5.8AI score0.00318EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34543

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::read request and read response call read to end on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets with max...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:24 p.m.3 views

CVE-2026-41127

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/21 11:24 p.m.7 views

EUVD-2026-24565

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 11:22 p.m.4 views

CVE-2026-41126 BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL"

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 8:17 p.m.7 views

CVE-2026-41320

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 7:34 p.m.9 views

CVE-2026-41320

Frappe HR (open-source HRMS) has a SQL injection vulnerability affecting versions prior to 15.54.0 and 14.38.1, exploitable via a specially crafted request to a specific endpoint. The root cause is improper input handling leading to information disclosure. A fix is included in versions 15.54.0 an...

6.5CVSS5.8AI score0.0022EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/21 7:32 p.m.9 views

CVE-2026-40889

CVE-2026-40889 concerns Frappe HR (HRMS) and describes an Improper Access Control on Files . Before versions 15.58.2 and 16.4.2 , authenticated users could access files they should not be able to view by abusing a vulnerable API endpoint. The affected line items indicate that the vulnerability re...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-34217

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.24 Description An open redirect exists in the 'bigbluebutton/api/join' endpoint through the logoutURL parameter. This occurs when requests with incorrect checksums are handled improperly, allowing a redirect...

4.3CVSS5.3AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.4 views

PT-2026-34218

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.24 Description A missing authorization allows viewers to inject or overwrite captions. Recommendations Update to version 3.0.24...

6.5CVSS5.1AI score0.00178EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.14 views

PT-2026-33539

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description An out of bound read occurs in the ptp unpack EOS FocusInfoEx function when processing input from untrusted USB devices, which can lead to a crash of the library. Recommendations Update to a...

6.1CVSS5.8AI score0.00218EPSS
Exploits0References34
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 1:14 p.m.11 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool...

7.1CVSS6.3AI score0.00311EPSS
Exploits2Affected Software1
Cisco
Cisco
added 2026/04/15 4:0 p.m.16 views

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 5:34 p.m.26 views

CVE-2026-24907 October CMS has Stored XSS via Event Log Mail Preview

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting XSS vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing,...

5.1CVSS0.00198EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/14 1:7 a.m.6 views

AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects

Impact When redirect following is enabled followRedirecttrue, AsyncHttpClient forwards Authorization and Proxy-Authorization headers along with Realm credentials to arbitrary redirect targets regardless of domain, scheme, or port changes. This leaks credentials on cross-domain redirects and...

6.8CVSS5.5AI score0.00326EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/03 9:59 p.m.16 views

LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

9.4CVSS5.9AI score0.0049EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/03 3:28 a.m.15 views

Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

7.5CVSS6AI score0.00651EPSS
Exploits0References4Affected Software3
Cisco
Cisco
added 2026/04/01 4:0 p.m.21 views

Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privileges to root. For more...

8.8CVSS6.2AI score0.00929EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/01 12:46 p.m.4 views

Block the Prompt, Not the Work: The End of "Doctor No"

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this...

6AI score
Exploits0
Rows per page
Query Builder