
1936 matches found

Source: NVD (added yesterday, 6 views)

CVE-2026-55111

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight...

CVSS 7.5 | Exploits: 0 | References: 1
Source: EUVD (added 3 days ago, 4 views)

EUVD-2026-40374

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated user holding the low-privilege Standard role, through POST /api/n9e/datasource/list. The route is...

CVSS 7.1 | AI score 5.8 | EPSS 0.00238 | Exploits: 0 | References: 5
Source: EUVD (added 4 days ago, 7 views)

EUVD-2026-40091

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

CVSS 4.3 | AI score 5.8 | EPSS 0.00176 | Exploits: 0 | References: 1
Source: CVE (added 4 days ago, 10 views)

CVE-2026-56457

This CVE concerns an exposure of sensitive information in HCL DevOps Deploy / HCL Launch via output logs: an attacker with access to the logs could obtain sensitive values associated with a step. The Connected CVE lists confirm the ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00176 | Exploits: 0 | References: 1 | Affected software: 2
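Both the n9e datasource entry above and the two HCL log-exposure entries are the same failure: secret-bearing fields reach an output (an API response to a low-privilege role, or a step log) unredacted. The following is an added example, not n9e or HCL code, of the two controls a practitioner would put in front of those outputs: role-gated redaction of a config object and pattern-based scrubbing of log lines. The field-name list, the `Admin`/`Standard` role names and the sample datasource are assumptions made for the example.

```python
# Added example (not n9e or HCL code): strip secret-bearing fields from an
# API response for low-privilege roles and from step output before it is logged.
import re
from copy import deepcopy

# Field-name fragments treated as secrets (assumption; extend for your schema).
SECRET_FIELD_PARTS = ("password", "passwd", "secret", "token", "private_key", "client_key", "api_key")
REDACTED = "<redacted>"
PRIVILEGED_ROLES = {"Admin"}   # assumption: only Admin may read raw credentials


def is_secret_field(name: str) -> bool:
    lowered = name.lower()
    return any(part in lowered for part in SECRET_FIELD_PARTS)


def redact_config(obj, viewer_role: str):
    """Deep copy of obj with secret fields masked unless viewer_role is privileged.

    Works recursively over nested dicts and lists, so credentials tucked under
    'http' or 'mtls' sub-objects are caught as well as top-level ones.
    """
    if viewer_role in PRIVILEGED_ROLES:
        return deepcopy(obj)
    if isinstance(obj, dict):
        return {
            key: (REDACTED if is_secret_field(key) and value not in (None, "")
                  else redact_config(value, viewer_role))
            for key, value in obj.items()
        }
    if isinstance(obj, list):
        return [redact_config(item, viewer_role) for item in obj]
    return obj


# key=value / key: value pairs (optionally quoted) and Authorization headers in log text.
_KV_RE = re.compile(
    r"(?i)\b(\w*(?:password|passwd|secret|token|api[_-]?key))(\s*[=:]\s*)(\"?)([^\s\"',;]+)(\"?)"
)
_AUTH_RE = re.compile(r"(?i)\b(Authorization:\s*(?:Bearer|Basic)\s+)\S+")


def redact_log_line(line: str) -> str:
    """Scrub credential-looking values from one line of step output before it is logged."""
    line = _AUTH_RE.sub(lambda m: m.group(1) + REDACTED, line)
    return _KV_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}{m.group(3)}{REDACTED}{m.group(5)}", line)


# Constructed sample datasource; the credential values are placeholders.
SAMPLE_DATASOURCE = {
    "name": "prod-mysql",
    "type": "mysql",
    "settings": {
        "url": "mysql://db1:3306/app",
        "username": "n9e_ro",
        "password": "S3cretPass",
        "http": {"bearer_token": "tok_123", "basic_auth_password": "basic_pw"},
        "mtls": {
            "client_cert": "-----BEGIN CERTIFICATE-----...",
            "client_key": "-----BEGIN PRIVATE KEY-----...",
        },
    },
}

# Constructed sample step output lines.
SAMPLE_LOG_LINES = [
    "step=deploy db_password=Hunter2 host=db1",
    "Authorization: Bearer eyJabc.def",
    'api_key: "k-0001" region=eu',
]


def redacted_sample_log() -> list:
    return [redact_log_line(line) for line in SAMPLE_LOG_LINES]
```

The redaction runs on the response object, not in the template, so every route that serialises a datasource gets it; the log scrubber is a last line of defence and should sit alongside marking secret step properties as non-loggable at the source.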
Source: OSV (added 4 days ago, 5 views)

PYSEC-2026-358 InvokeAI Arbitrary File Deletion vulnerability

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

CVSS 9.1 | AI score 7.5 | EPSS 0.01348 | Exploits: 0 | References: 6
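The UniFi Protect Floodlight path traversal above and this InvokeAI arbitrary file deletion share one root cause: a client-supplied name is joined onto a server directory without checking that the result stays inside it. The block below is an added example, not UniFi or InvokeAI code, of the confinement check that closes both: resolve the candidate path, then require that the resolved path is still under the base directory. The `delete_image` endpoint shape, the temp-directory layout and the stand-in key file are constructed for the example.

```python
# Added example (not UniFi Protect or InvokeAI code): resolve a client-supplied
# file name strictly inside a base directory before reading or deleting it.
import os
import tempfile
from pathlib import Path


def resolve_within(base: Path, user_path: str) -> Path:
    """Return the real path for user_path under base, or raise ValueError.

    Rejects empty and absolute inputs, '..' segments that climb out of base,
    and symlinks whose target lies outside base (checked on the resolved path,
    so a link planted inside the directory cannot redirect the delete).
    """
    if not user_path or os.path.isabs(user_path):
        raise ValueError(f"absolute or empty path not allowed: {user_path!r}")
    base_real = base.resolve()
    candidate = (base_real / user_path).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise ValueError(f"path escapes base directory: {user_path!r}") from None
    return candidate


def delete_image(image_dir: Path, name: str) -> bool:
    """Delete the named file only if it resolves inside image_dir.

    Returns True when a regular file was removed, False when nothing existed.
    Raises ValueError for any name that would leave image_dir.
    """
    target = resolve_within(image_dir, name)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Exercise the check on a constructed directory tree built in a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="pathdemo-"))
    images = root / "images"
    images.mkdir()
    (images / "cat.png").write_bytes(b"\x89PNG constructed sample")
    secret = root / "id_ed25519"            # stand-in for a key file outside image_dir
    secret.write_text("constructed secret")
    (images / "link").symlink_to(secret)    # symlink inside image_dir pointing outside

    def attempt(name: str):
        try:
            return delete_image(images, name)
        except ValueError:
            return "rejected"

    return {
        "legit": attempt("cat.png"),
        "dotdot": attempt("../id_ed25519"),
        "absolute": attempt(str(secret)),
        "symlink": attempt("link"),
        "nested_dotdot": attempt("sub/../../id_ed25519"),
        "secret_survives": secret.exists(),
    }
```

Checking the resolved path rather than the raw string is what defeats the symlink and nested `..` cases; a check that only rejects a literal `../` prefix passes both.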
Source: IBM Security Bulletins (added 2026/06/26 10:58 a.m., 7 views)

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager.

Summary: Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.3.0.0, 6.2.4.4, and 6.2.3.6. Vulnerability Details: CVEID: CVE-2023-47038 DESCRIPTION: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression i...

CVSS 8.7 | AI score 6.2 | EPSS 0.02448 | Exploits: 1 | Affected software: 1
Source: EUVD (added 2026/06/25 6:32 p.m., 10 views)

EUVD-2026-37289

LangGraph SDK has unsafe URL path construction...

CVSS 4.2 | AI score 5.8 | EPSS 0.00216 | Exploits: 0 | References: 3
Source: GitHub Security Blog (added 2026/06/25 6:32 p.m., 8 views)

LangGraph SDK has unsafe URL path construction

Summary: langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

CVSS 9.1 | AI score 5.7 | EPSS 0.00216 | Exploits: 0 | References: 4 | Affected software: 1
Source: Tenable Nessus (added 2026/06/23 12:00 a.m., 6 views)

RHEL 9 : webkit2gtk3 (RHSA-2026:28148)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28148 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8 | AI score 5.9 | EPSS 0.00693 | Exploits: 0 | References: 34
Source: Tenable Nessus (added 2026/06/23 12:00 a.m., 10 views)

RHEL 8 : webkit2gtk3 (RHSA-2026:28114)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28114 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8 | AI score 6.7 | EPSS 0.00693 | Exploits: 0 | References: 34
Source: Cvelist (added 2026/06/22 6:56 p.m., 32 views)

CVE-2026-44272

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access...

CVSS 8.8 | EPSS 0.00249 | Exploits: 0 | References: 1
Source: RedHat Linux (added 2026/06/22 9:27 a.m., 6 views)

webkitgtk: An app may be able to access sensitive user data

A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection...

CVSS 5.5 | AI score 5.8 | EPSS 0.0014 | Exploits: 0 | References: 5
Source: IBM Security Bulletins (added 2026/06/19 8:46 p.m., 6 views)

Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to SOLR and its dependencies (such as Jetty) affecting ODM-9.0.0 and older versions

Summary: This security bulletin addresses vulnerabilities in Apache Solr and its dependencies, including Eclipse Jetty, that might affect IBM Operational Decision Manager version 9.0.0 and older versions. Vulnerability Details: CVEID: CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is...

CVSS 9.1 | AI score 6.8 | EPSS 0.01127 | Exploits: 2 | Affected software: 1
Source: AstraLinux (added 2026/06/19 11:10 a.m., 5 views)

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A known cache speculation vulnerability, Branch History Injection (BHI, or Spectre-BHB), reappears on the new AmpereOne hardware. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU's Branch History Buffer (BHB) to influence mispredict...

CVSS 5.5 | AI score 6.6 | EPSS 0.00264 | Exploits: 0 | References: 2
Source: RedHat Linux (added 2026/06/17 11:05 p.m., 8 views)

netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

CVSS 8.1 | AI score 5.3 | EPSS 0.00552 | Exploits: 0 | References: 7
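The Netty entry above says a masking error in `IpSubnetFilterRule.compareTo` lets addresses outside a configured IPv6 subnet pass the rule, but the listing does not state what the faulty operation was. The block below is an added example, not Netty code, showing what a correct CIDR comparison looks like when every bit covered by the prefix is compared on the full 128-bit value, next to a constructed pitfall (masking only the upper 64 bits) that illustrates the class of error without claiming it is Netty's defect. The sample rules and addresses are made up for the example.

```python
# Added example (not Netty's IpSubnetFilterRule): CIDR matching on the full
# 128-bit address, plus a constructed broken variant to show what a partial mask misses.
import ipaddress


def _parse(cidr: str):
    net_str, prefix_str = cidr.split("/")
    net = ipaddress.ip_address(net_str)
    prefix = int(prefix_str)
    bits = net.max_prefixlen            # 32 for IPv4, 128 for IPv6
    if not 0 <= prefix <= bits:
        raise ValueError(f"prefix length out of range: {cidr}")
    return net, prefix, bits


def subnet_matches(ip: str, cidr: str) -> bool:
    """True if ip lies in cidr, comparing every bit covered by the prefix."""
    net, prefix, bits = _parse(cidr)
    addr = ipaddress.ip_address(ip)
    if addr.version != net.version:     # never let a v4 address match a v6 rule or vice versa
        return False
    # Mask with `prefix` leading ones over the full address width.
    mask = ((1 << bits) - 1) ^ ((1 << (bits - prefix)) - 1)
    return (int(addr) & mask) == (int(net) & mask)


def subnet_matches_upper_half_only(ip: str, cidr: str) -> bool:
    """Constructed pitfall (NOT the Netty defect): the prefix is applied to the
    top 64 bits only, so any IPv6 rule longer than /64 silently behaves as /64
    and addresses differing only in the low half are accepted."""
    net, prefix, bits = _parse(cidr)
    addr = ipaddress.ip_address(ip)
    if addr.version != net.version:
        return False
    if bits == 32:
        return subnet_matches(ip, cidr)
    hi_prefix = min(prefix, 64)
    mask = (((1 << 64) - 1) ^ ((1 << (64 - hi_prefix)) - 1)) << 64
    return (int(addr) & mask) == (int(net) & mask)


def agrees_with_stdlib(ip: str, cidr: str) -> bool:
    """Cross-check the hand-rolled mask against ipaddress.ip_network containment."""
    return subnet_matches(ip, cidr) == (
        ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)
    )


# Constructed rule/address pairs that expose the half-width mask.
CASES = [
    ("2001:db8::ff", "2001:db8::/120"),     # inside: low byte is host part
    ("2001:db8::1ff", "2001:db8::/120"),    # outside: bit 8 differs, below the 64-bit line
    ("2001:db8:1::5", "2001:db8::/48"),     # outside: differs within the top 64 bits
    ("192.0.2.9", "192.0.2.0/28"),          # IPv4 sanity case
]
```

When reviewing a rule implementation, the `/120` style case is the one to add to the test suite: a rule longer than `/64` with two addresses that differ only below bit 64. Any implementation that cannot tell them apart is not comparing the whole address.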
Source: NVD (added 2026/06/17 10:55 a.m., 10 views)

CVE-2026-48776

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

CVSS 9.1 | EPSS 0.00216 | Exploits: 0 | References: 2
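The GitHub Security Blog entry and this NVD entry describe the same LangGraph SDK issue: an identifier is dropped into a URL template verbatim, so an identifier containing `/`, `..` or `?` changes which resource the request addresses. The block below is an added example, not langgraph-sdk code, contrasting verbatim interpolation with two safe forms, an allowlist on the identifier and percent-encoding that keeps the identifier to a single path segment, and showing the path a client would actually request after dot-segment normalisation. The base URL, the `/threads/{id}` route shape and the identifier pattern are assumptions for the example.

```python
# Added example (not the langgraph-sdk code): build resource URLs from
# caller-supplied identifiers without letting the identifier change the route.
import posixpath
import re
from urllib.parse import quote, urlsplit

BASE_URL = "https://langgraph.example.invalid/api"   # assumed base URL

# Assumption: identifiers are UUIDs or short slugs; tighten to what your API issues.
IDENT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def thread_url_unsafe(thread_id: str) -> str:
    """Verbatim interpolation, shown only to contrast with the safe forms."""
    return f"{BASE_URL}/threads/{thread_id}"


def thread_url_validated(thread_id: str) -> str:
    """Reject anything that is not a plain identifier before it reaches the template."""
    if not IDENT_RE.fullmatch(thread_id):
        raise ValueError(f"invalid thread id: {thread_id!r}")
    return f"{BASE_URL}/threads/{thread_id}"


def thread_url_encoded(thread_id: str) -> str:
    """Percent-encode every reserved byte, '/' included, so the id stays one segment."""
    if not thread_id:
        raise ValueError("empty thread id")
    return f"{BASE_URL}/threads/{quote(thread_id, safe='')}"


def request_parts(url: str) -> tuple:
    """(path after dot-segment normalisation, query string) that the request addresses."""
    parts = urlsplit(url)
    return posixpath.normpath(parts.path), parts.query


# Constructed hostile identifier: climbs out of /threads and smuggles a query string.
EVIL_ID = "abc/../../admin/keys?all=1"
```

Validation is the stronger of the two controls: some servers and proxies decode `%2F` before routing, so an encoded-only identifier can still be reinterpreted as a path separator on the far side. Use the allowlist, and encode as well for defence in depth.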
Source: NVD (added 2026/06/17 10:54 a.m., 7 views)

CVE-2026-46949

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 9.1 | EPSS 0.00405 | Exploits: 0 | References: 1
Source: AlmaLinux (added 2026/06/15 12:00 a.m., 19 views)

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted web content may lead to an unexpected proces...

CVSS 8.8 | AI score 5.4 | EPSS 0.00693 | Exploits: 0 | References: 34
Source: Vulnrichment (added 2026/06/12 8:57 p.m., 6 views)

CVE-2026-53608 @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package inject the Google Analytics Tracking ID (seoGoogleTrackingId) and Google Tag Manager ID (seoGoogleTagManager) directly into script tag bodies using JavaScript template...

CVSS 8.7 | AI score 5.2 | EPSS 0.0021 | Exploits: 0 | References: 1
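The fix for a value like a tracking ID that is written into a script body is not HTML-escaping (that is the wrong context) but two things: an allowlist on the value's format, and encoding it as a JavaScript string literal with `</` broken so it can never close the tag. The block below is an added example, not @apostrophecms/seo code, of both; the ID formats are assumptions (check them against Google's current documentation) and the payload is constructed.

```python
# Added example (not the @apostrophecms/seo code): accept only well-formed
# tracking IDs before they reach a script tag, and encode the value as a JS
# string literal as a second layer.
import json
import re

# Assumed ID shapes (assumption, verify against Google's current formats):
# Universal Analytics UA-1234567-1, GA4 G-XXXXXXXXXX, Tag Manager GTM-XXXXXXX.
TRACKING_ID_RE = re.compile(r"(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{4,16})")
GTM_ID_RE = re.compile(r"GTM-[A-Z0-9]{4,10}")


def ga_snippet_unsafe(tracking_id: str) -> str:
    """String-interpolates the id straight into the script body (the flawed pattern)."""
    return f"<script>gtag('config', '{tracking_id}');</script>"


def js_string_literal(value: str) -> str:
    """JSON-encode for a JS string context and break '</' so '</script>' cannot end the tag."""
    return json.dumps(value).replace("</", "<\\/")


def ga_snippet(tracking_id: str) -> str:
    """Allowlist the id, then emit it as a literal rather than raw text."""
    if not TRACKING_ID_RE.fullmatch(tracking_id):
        raise ValueError(f"rejected tracking id: {tracking_id!r}")
    return f"<script>gtag('config', {js_string_literal(tracking_id)});</script>"


def gtm_snippet(container_id: str) -> str:
    """Same treatment for the Tag Manager container id."""
    if not GTM_ID_RE.fullmatch(container_id):
        raise ValueError(f"rejected GTM container id: {container_id!r}")
    return f"<script>window.gtmContainerId = {js_string_literal(container_id)};</script>"


def script_tag_count(markup: str) -> int:
    """Number of opening <script tags; more than one from a single snippet means injection."""
    return markup.lower().count("<script")


# Constructed stored-XSS payload an editor could save as the "tracking id".
PAYLOAD = "');</script><script>alert(1)</script><script>//"
```

The allowlist is the control that matters for a setting only administrators edit; the literal encoding is there so that loosening the pattern later (a new ID format, say) does not silently reopen the injection.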
Source: Cvelist (added 2026/06/12 8:24 p.m., 28 views)

CVE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks can_see? on the post being explained, not its reply_to_post, so any authenticated user wi...

CVSS 4.3 | EPSS 0.00189 | Exploits: 0 | References: 1
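The Discourse entry is a reminder that an AI helper which assembles a prompt from several records must authorise each record it includes, not only the one the user named. The block below is an added example, not Discourse code, of that pattern in miniature: a toy visibility rule, a prompt builder that checks only the explained post (the flaw as described), and one that also checks the parent before its raw text is included. The `User`/`Post` shapes, the `hidden` flag and the sample posts are constructed for the example.

```python
# Added example (not Discourse code): authorise every post whose raw text goes
# into the prompt, not just the post being explained.
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    id: int
    staff: bool = False


@dataclass
class Post:
    id: int
    raw: str
    hidden: bool = False                    # stand-in for whatever makes a post invisible
    reply_to_post: Optional["Post"] = None  # the post this one replies to, if any


def can_see(user: User, post: Post) -> bool:
    """Toy visibility rule: hidden posts are visible to staff only."""
    return not post.hidden or user.staff


def explain_prompt_unsafe(user: User, post: Post) -> str:
    """Checks the explained post only, so a hidden parent's raw text leaks into the prompt."""
    if not can_see(user, post):
        raise PermissionError("cannot see post")
    parent = post.reply_to_post
    context = parent.raw if parent is not None else ""
    return f"Context:\n{context}\n\nExplain:\n{post.raw}"


def explain_prompt(user: User, post: Post) -> str:
    """Includes the parent only if the requesting user may see it too."""
    if not can_see(user, post):
        raise PermissionError("cannot see post")
    parent = post.reply_to_post
    context = parent.raw if parent is not None and can_see(user, parent) else ""
    return f"Context:\n{context}\n\nExplain:\n{post.raw}"


# Constructed sample data: a staff-only parent and a public reply to it.
HIDDEN_PARENT = Post(id=1, raw="mod-only note: user 42 is a sockpuppet", hidden=True)
VISIBLE_REPLY = Post(id=2, raw="I disagree with the above.", reply_to_post=HIDDEN_PARENT)
MEMBER = User(id=7)
MOD = User(id=8, staff=True)
```

The same rule applies to anything else a prompt pulls in by reference (quoted posts, attachments, linked topics): resolve the reference, run the visibility check with the requesting user, and only then read the content.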