Lucene search
+L

37 matches found

NVD
NVD
added yesterday6 views

CVE-2026-44251

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.0.0 and above, prior to 4.14.5, a sizet integer underflow in oscrypto/shared/msgs.c:389 allows any enrolled Wazuh agent to crash the wazuh-remoted process on the manager, immediately...

6.5CVSS0.00289EPSS
Exploits0References1
OSV
OSV
added 2 days ago4 views

CVE-2026-46377 Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in Tokenizer.parseCurRune in selector/lexer/tokenize.go increments past a trailing backslash in a quoted string such as "\ or '\ and then reads...

6.2CVSS6.1AI score0.00129EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 4:16 p.m.4 views

UBUNTU-CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6.1AI score0.0037EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:41 p.m.6 views

CVE-2026-48500

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...

6.5CVSS6AI score0.00207EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 1:18 p.m.15 views

EUVD-2026-38025

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

2.1CVSS5.9AI score0.00261EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/19 3:31 p.m.8 views

org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2586 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4https://vulners.c...

9.1CVSS5.4AI score0.00819EPSS
Exploits1
CVE
CVE
added 2026/05/14 2:39 p.m.22 views

CVE-2026-44308

CVE-2026-44308 concerns Spring Cloud AWS, where the SNS HTTP/HTTPS endpoint support methods (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) failed to verify incoming SNS message signatures from versions 3.0.0 through 4.0.1. An unauthent...

6.3CVSS5.8AI score0.00179EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/07 4:10 a.m.8 views

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +16 more potentially affected by CVE-2026-44001 via vm2 (>=3.0.0 <=3.10.5)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =1.0.0-beta.1, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.72.1 and more Source cves: CVE-2026-44001 Source advisory: SNYK:JS-VM2-16438945...

8.6CVSS5.4AI score0.00448EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/27 10:14 a.m.7 views

org.apache.camel.kafkaconnector:camel-sjms2-kafka-connector (>=0.1.0 <=4.14.5), org.apache.camel.kafkaconnector:itests-sjms2 (>=0.3.0 <=4.14.5) +10 more potentially affected by CVE-2026-40860 via org.apache.camel:camel-sjms2 (>=3.0.0-M1 <=4.14.6)

org.apache.camel:camel-sjms2 MAVEN version =3.0.0-M1, =0.1.0, =0.3.0, =0.1.0, =4.10.3, =1.0.0, =1.0.0-M1, =2.2.0, =2.2.0, =1.0.0, =1.0.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 Source cves: CVE-2026-40860 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321538...

9.8CVSS5.8AI score0.00881EPSS
Exploits2
Cvelist
Cvelist
added 2026/04/27 8:3 a.m.36 views

CVE-2026-40860 Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp

JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...

0.00881EPSS
Exploits2References1
vulnersOsv
vulnersOsv
added 2026/04/16 3:31 p.m.4 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +39 more potentially affected by CVE-2025-54550 via apache-airflow-core (>=3.0.0 <=3.2.0b1)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =0.2.0, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =1.28.0rc1 and more Source cves: CVE-2025-54550 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16094668...

8.1CVSS5.7AI score0.00579EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/15 6:43 p.m.6 views

CVE-2026-5189

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS6AI score0.00461EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 8:9 a.m.7 views

CVE-2026-33929 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

5.8AI score0.00711EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 6:16 p.m.4 views

DEBIAN-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.3AI score0.00192EPSS
Exploits2References1
vulnersOsv
vulnersOsv
added 2026/04/01 9:36 p.m.7 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +33 more potentially affected by CVE-2026-34749 via payload (>=3.0.0-alpha.46 <=3.79.0)

payload NPM version =3.0.0-alpha.46, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 and more Source cves: CVE-2026-34749 Source advisory: SNYK:JS-PAYLOAD-15873856...

5.4CVSS5.8AI score0.00129EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/01 9:19 p.m.5 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @ainsleydev/payload-helper (>=0.0.6 <=0.3.2) +24 more potentially affected by CVE-2026-34747 via @payloadcms/drizzle (>=3.0.0-beta.100 <=3.79.0)

@payloadcms/drizzle NPM version =3.0.0-beta.100, =0.0.6, =0.0.6, =3.22.1, =3.37.0, =1.0.0, =3.53.0, =3.61.1-2, =3.50.0-internal.ca62628, =3.0.0, =3.0.0, =3.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-34747 Source advisory: SNYK:JS-PAYLOADCMSDRIZZLE-15873854...

8.5CVSS5.8AI score0.00317EPSS
Exploits0
OSV
OSV
added 2026/03/18 8:39 a.m.6 views

BIT-AIRFLOW-2026-26929 Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...

6.5CVSS5.7AI score0.00406EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/03/03 9:44 p.m.8 views

@3t-transform/threeteeui (>=1.5.1 <=1.10.0), @8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4) +1240 more potentially affected by CVE-2025-15599 via dompurify (>=3.0.0 <=3.2.6)

dompurify NPM version =3.0.0, =1.5.1, =0.18.0-beta.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.0.0, =4.4.0-rc1, =6.4.10, =5.1.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2, =1.0.9 and more Source cves: CVE-2025-15599 Source advisory: SNYK:JS-DOMPURIFY-15371386...

6.1CVSS5.7AI score0.00245EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/30 12:31 p.m.5 views

apache-airflow (>=3.0.0 <=3.0.4rc2), apache-airflow-providers-common-sql (>=1.25.0 <=1.25.0rc1) +3 more potentially affected by CVE-2025-54941 via apache-airflow-core (>=3.0.0 <=3.0.4rc2)

apache-airflow-core PYPI version =3.0.0, =3.0.0, =1.25.0, =1.0.0, =1.16.0, =1.0.6, =1.0.9 Source cves: CVE-2025-54941 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-13786421...

4.6CVSS5.7AI score0.00448EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/29 12:31 p.m.10 views

@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +14 more potentially affected by CVE-2025-4643 via @payloadcms/next (>=3.0.0-alpha.46 <=3.44.0-internal.6b79dc2)

@payloadcms/next NPM version =3.0.0-alpha.46, =0.1.2, =0.1.0, =3.2.0, =0.2.0, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.52, =0.0.5, =3.0.0-beta.3, =0.0.3, =1.0.0 and more Source cves: CVE-2025-4643 Source advisory: OSV:GHSA-5V66-M237-HWF7...

6.3CVSS5.7AI score0.00484EPSS
Exploits0
Rows per page
Query Builder