777 matches found

EUVD
added yesterday, 5 views

EUVD-2026-40388

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

CVSS 7.5, AI score 6.2
Exploits: 0, References: 1

Tenable Nessus
added yesterday, 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-6412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. CVE-2026-6412 Note that Nessus...

CVSS 4.3, AI score 5.8, EPSS 0.00074
Exploits: 0, References: 3

NVD
added 2 days ago, 9 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

CVSS 8.1, EPSS 0.00276
Exploits: 0, References: 4

ATTACKERKB
added 5 days ago, 6 views

CVE-2026-55441

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...

CVSS 8.6, AI score 5.9, EPSS 0.00184
Exploits: 0, References: 2, Affected Software: 1

NVD
added 6 days ago, 6 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

CVSS 4.6, EPSS 0.00175
Exploits: 0, References: 6

OSV
added 6 days ago, 2 views

MINI-22HW-44RW-Q6R4

Bulletin has no description...

CVSS 7.5, AI score 6.5, EPSS 0.0064
Exploits: 1

OSV
added 6 days ago, 2 views

MINI-53X2-G473-3QPW

Bulletin has no description...

CVSS 7.5, AI score 5.8, EPSS 0.00273
Exploits: 0

ATTACKERKB
added 2026/06/24 2:8 p.m., 5 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

CVSS 8.8, AI score 6.6, EPSS 0.00181
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2026/06/24 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffi...

AI score 5.8
Exploits: 0, References: 3

OSV
added 2026/06/22 12:8 p.m., 2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

CVSS 7.5, AI score 5.9, EPSS 0.0043
Exploits: 0, References: 22

NVD
added 2026/06/19 2:16 p.m., 12 views

CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

CVSS 9.3, EPSS 0.00308
Exploits: 0, References: 2

OSV
added 2026/06/18 12:24 a.m., 3 views

ECHO-3B3D-6365-FB28

Bulletin has no description...

CVSS 8.3, AI score 4.8, EPSS 0.00222
Exploits: 0, References: 1

OSV
added 2026/06/14 10:17 p.m., 4 views

MINI-653Q-HR26-2VMV

Bulletin has no description...

CVSS 6.1, AI score 6.5, EPSS 0.01946
Exploits: 0

GitHub Security Blog
added 2026/06/10 1:39 p.m., 33 views

Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents

Summary The dashboard exposes the cron manual-trigger action as an authenticated GET /api/v1/cron/:id/manual endpoint. Dashboard JWTs are sent in the nz-jwt cookie and configured with SameSite=Lax, which browsers include on top-level cross-site GET navigations. Because this state-changing GET...

CVSS 7.1, AI score 5.7, EPSS 0.00123
Exploits: 0, References: 3, Affected Software: 1

OSSF Malicious Packages
added 2026/06/09 8:32 p.m., 10 views

Malicious code in getd-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...

AI score 5.5
Exploits: 0, References: 1

CVE
added 2026/06/09 4:3 p.m., 40 views

CVE-2026-42766

The CVE-2026-42766 entry documents a NULL pointer dereference in OpenSSL’s CMS decryption for password-based CMS messages. Specifically, PasswordRecipientInfo.keyDerivationAlgorithm is OPTIONAL and may be absent; OpenSSL’s CMS decryption dereferences this field without checking, triggering an app...

CVSS 5.9, AI score 5.5, EPSS 0.00595
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2026/06/09 4:0 p.m., 5 views

MINI-V75P-C3RC-GQF7

Bulletin has no description...

CVSS 5.4, AI score 5.2, EPSS 0.0016
Exploits: 1

OSV
added 2026/06/09 3:22 p.m., 4 views

ECHO-2679-2ADC-AA61

Bulletin has no description...

CVSS 8.3, AI score 5.2, EPSS 0.00222
Exploits: 0, References: 1

OSV
added 2026/06/08 4:51 a.m., 7 views

MINI-P3QR-J594-H2G3

Bulletin has no description...

AI score 5.2, EPSS 0.00019
Exploits: 1

OSV
added 2026/06/06 4:6 a.m., 3 views

MINI-VR54-GHQM-PQCQ

Bulletin has no description...

CVSS 7.5, AI score 5.2, EPSS 0.00273
Exploits: 0