Lucene search
K

21 matches found

CVE
CVE
added 2026/05/27 2:54 a.m.27 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:34 a.m.11 views

CVE-2026-42509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

5.8AI score0.00357EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 6:55 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540.

Summary IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-0540 DESCRIPTION: DOMPurify 3.1.3...

6.1CVSS7.2AI score0.0034EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/15 11:16 a.m.11 views

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

7.5CVSS0.00544EPSS
Exploits0References2
Elastic
Elastic
added 2026/03/19 4:51 p.m.9 views

Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)

Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspensio...

6.5CVSS5.8AI score0.00175EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/18 12:30 a.m.30 views

CVE-2026-29057 Next.js: HTTP request smuggling in rewrites

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...

6.3CVSS0.00427EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Microsoft .NET 安全漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There are security vulnerabilities in Microsoft .NET. Attackers can exploit the...

7.5CVSS7.1AI score0.01015EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 5:16 a.m.3 views

CVE-2025-66595

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery CSRF. When a user accesses a link crafted by an attacker, the user’s account could be compromised. The affected products and versions are as follows:...

5.4CVSS5.7AI score0.00095EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.5 views

Slackware Linux 15.0 / current bind Vulnerability (SSA:2026-021-01)

The version of bind installed on the remote host is prior to 9.18.44 / 9.20.18. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-021-01 advisory. New bind packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

7.5CVSS6AI score0.08219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.6 views

PT-2025-44636

Name of the Vulnerable Software and Affected Versions Kitware VTK Visualization Toolkit versions through 9.5.0 Description The software contains a heap buffer overflow issue within the vtkGLTFDocumentLoader. This occurs when processing specifically designed GLTF files, where the copy constructor ...

7.1CVSS7.1AI score0.00164EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.8 views

PT-2025-44196

Name of the Vulnerable Software and Affected Versions BESSystem BES Application Server versions through 9.5.x Description An issue exists that could allow unauthorized attackers to obtain sensitive information. This is due to the “pre-resource” option within the bes-web.xml file. Recommendations...

7.5CVSS6.4AI score0.00328EPSS
Exploits0References8
CVE
CVE
added 2025/09/16 12:23 p.m.12 views

CVE-2025-55118

CVE-2025-55118 concerns BMC Control-M/Agent. The issue is a memory corruption vulnerability that can be remotely triggered when SSL/TLS is configured, with specific non-default conditions: Control-M/Agent 9.0.20 using non-default SSL/TLS setting use_openssl=n; and 9.0.21/9.0.22 with non-default s...

8.9CVSS6.2AI score0.00343EPSS
Exploits0References2
OSV
OSV
added 2025/08/13 3:30 p.m.3 views

GHSA-23HV-MWM6-G8JF Apache Tomcat Session Fixation vulnerability

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...

6.5CVSS5.8AI score0.00775EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/05/23 1:50 a.m.5 views

SUSE CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

7.5CVSS6.9AI score0.12301EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/02/19 10:31 a.m.1 views

mysql: MySQL Server: Unauthorized Data Modification and Read Access Vulnerability

A flaw was found in MySQL Server. This vulnerability allows a low privileged attacker with network access via multiple protocols to achieve unauthorized data modification and read access to a subset of MySQL Server's accessible data...

5.4CVSS6.6AI score0.00481EPSS
Exploits0References5
OSV
OSV
added 2024/07/16 9:15 p.m.5 views

CVE-2024-21687

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the...

8.1CVSS5.9AI score0.00746EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.4 views

PT-2024-19805 · Unknown · Controller 6000 +1

Name of the Vulnerable Software and Affected Versions: Controller 6000 and Controller 7000 versions 8.60 and prior Controller 6000 and Controller 7000 versions 8.70 prior to vCR8.70.240520a Controller 6000 and Controller 7000 versions 8.80 prior to vCR8.80.240520a Controller 6000 and Controller...

6.3CVSS7.8AI score0.00165EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.4 views

Gallagher Command Centre Cross-Site Scripting Vulnerability

Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre due to improper neutralization of special elements. The following products and versions are affected: Gallagher Comma...

6.8CVSS6.8AI score0.00304EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.5 views

Dell PowerScale OneFS Security Vulnerability

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x. The vulnerability stems from a Contains Incorrect Default Privileges...

5.5CVSS6.6AI score0.00144EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/22 12:0 a.m.6 views

PT-2024-1468 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.x through 22.x Ivanti Policy Secure versions 9.x through 22.x Description: A privilege escalation vulnerability in the web component of Ivanti Connect Secure and Ivanti Policy Secure allows a user to elevate...

8.8CVSS9.2AI score0.86806EPSS
Exploits4References104
Rows per page
Query Builder