Lucene search
K

62 matches found

NVD
NVD
added 2026/06/17 10:40 a.m.9 views

CVE-2026-35274

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

8.2CVSS0.00392EPSS
Exploits0References1
Elastic
Elastic
added 2026/05/28 7:24 p.m.79 views

Kibana 8.19.16 and 9.3.5 Security Update (ESA-2026-30)

Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrat...

4.6CVSS5.7AI score0.00223EPSS
Exploits0
CVE
CVE
added 2026/05/27 2:54 a.m.26 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:5 p.m.8 views

Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/06 10:16 a.m.6 views

CVE-2026-42509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

6.1CVSS0.00357EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:34 a.m.11 views

CVE-2026-42509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

5.8AI score0.00357EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.9 views

CVE-2026-34267

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:36 p.m.6 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

5.5CVSS5.8AI score0.00216EPSS
Exploits1Affected Software1
Elastic
Elastic
added 2026/03/19 4:51 p.m.8 views

Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)

Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspensio...

6.5CVSS5.8AI score0.00175EPSS
Exploits0
OSV
OSV
added 2026/03/16 8:16 p.m.4 views

UBUNTU-CVE-2025-69693

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from...

5.4CVSS5.8AI score0.00266EPSS
Exploits0References2
NVD
NVD
added 2026/01/22 5:16 p.m.7 views

CVE-2025-68903

Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through = 8.0...

8.8CVSS0.0037EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 1:49 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459.

Summary IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-55459 DESCRIPTION: An issue in keras 3.7.0 allows attackers to...

6.5CVSS7.4AI score0.00221EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 5:41 p.m.11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.

Summary IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for...

8.7CVSS6.6AI score0.00516EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/11/30 4:2 p.m.11 views

CVE-2025-13792 Qualitor getResumo.php eval code injection

A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack...

7.5CVSS0.00402EPSS
Exploits0References6
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.16 views

Cryptographic Failure Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24771

This High severity vulnerability known as CVE-2022-24771 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.00717EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.8 views

PT-2025-45138

Name of the Vulnerable Software and Affected Versions Dell CloudLink versions prior to 8.1.1 Description Dell CloudLink, versions prior to 8.1.1, contains a Command Injection issue that an authenticated attacker can exploit to execute arbitrary commands on the system. Recommendations Update Dell...

6.7CVSS7.5AI score0.00384EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/09/29 1:34 a.m.5 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.5CVSS5.8AI score0.00667EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-30687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and...

6.5CVSS5.9AI score0.00691EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/05/01 1:44 p.m.6 views

com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +13 more potentially affected by CVE-2024-52979 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.15.5)

org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =8.0.0, =8.15.5 Source cves: CVE-2024-52979 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-9919796...

7.5CVSS5.8AI score0.00522EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/02/19 10:31 a.m.1 views

mysql: MySQL Server: Unauthorized Data Modification and Read Access Vulnerability

A flaw was found in MySQL Server. This vulnerability allows a low privileged attacker with network access via multiple protocols to achieve unauthorized data modification and read access to a subset of MySQL Server's accessible data...

5.4CVSS6.6AI score0.00481EPSS
Exploits0References5
Rows per page
Query Builder