Lucene search
K

1849 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-38131

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in CSS allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs wh...

9.6CVSS6.2AI score0.00344EPSS
Exploits0References136
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-38143

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An out of bounds read and write issue exists in GFX, which allows a remote attacker to perform arbitrary read and write operations via malicious network traffic. Recommendations Update ...

9.6CVSS6AI score0.00344EPSS
Exploits0References135
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.16 views

PT-2026-38177

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue exists in ReadingMode. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a sandbox by using a...

9.6CVSS6.2AI score0.00344EPSS
Exploits0References136
OSV
OSV
added 2026/05/04 3:31 a.m.7 views

GHSA-6RR6-V7CJ-MXPG Prefect Auth Bypass via endswith() Health Check Exemption

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

6.9CVSS5.7AI score0.00453EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability arises from the loginauth function in the Parameter Handler component, where the handling of the Password...

10CVSS7.8AI score0.00606EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36291

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...

10CVSS7.6AI score0.01823EPSS
Exploits0References17
OSV
OSV
added 2026/04/30 8:45 p.m.3 views

CVE-2026-7501 LinkStackOrg LinkStack UserController.php editPage cross site scripting

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

5.1CVSS4.2AI score0.00254EPSS
Exploits0References8
ICS
ICS
added 2026/04/29 12:0 a.m.10 views

CryptPad unbounded WebSocket frame flood

RISK EVALUATION CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. 2. RECOMMENDED PRACTICES Upgrade to 2026.2.2. 3. DESCRIPTION CryptPad 2025.3.1 allows unbounded WebSocket...

8.7CVSS5.3AI score0.00578EPSS
Exploits1References1
OSV
OSV
added 2026/04/27 6:32 p.m.5 views

GHSA-X368-4G9H-FVV4 vLLM makes Use of Uninitialized Resource

A vulnerability was found in vLLM up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

6.3CVSS5.5AI score0.00288EPSS
Exploits0References8
CVE
CVE
added 2026/04/26 11:0 p.m.20 views

CVE-2026-7065

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7AI score0.00294EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34682

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.47.11 Description When running in HTTP transport mode, incoming requests to the 'POST /mcp' endpoint have their request metadata written to server logs regardless of whether authentication is successful. This can le...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/22 4:12 p.m.6 views

Security Bulletin: IBM Guardium Data Protection is affected by an IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU vulnerability (CVE-2025-53066, CVE-2025-53057)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact...

7.5CVSS6.6AI score0.00633EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.3 views

CVE-2026-35251

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS5.7AI score0.00107EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.11 views

PT-2026-34114

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager...

7.5CVSS5.7AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 3:0 p.m.35 views

CVE-2026-6652 Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS0.00244EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 11:45 a.m.14 views

CVE-2026-6635

Summary (CVE-2026-6635): Rowboat by Rowboat Labs, affected versions up to 0.1.67, has a vulnerability in the tools_webhook module. The flaw affects the function tool_call in apps/experimental/tools_webhook/app.py, where manipulation of the X-Tools-JWE header enables improper authentication. The i...

7.5CVSS6.5AI score0.00466EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:45 a.m.6 views

CVE-2026-6590

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.9 views

PT-2026-37048

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow can be triggered remotely via the POST Parameter Handler component. The issue exists within the url rule asp function of the '/url rule.asp' endpoint. Recommendations At the momen...

10CVSS7.5AI score0.0586EPSS
Exploits1References16
vulnersOsv
vulnersOsv
added 2026/04/17 3:31 p.m.9 views

ai.tock:bot-test (=23.9.2), ai.tock:bot-test-base (=23.9.2) +499 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=6.0.0-RC1 <=6.4.0)

org.pac4j:pac4j-core MAVEN version =6.0.0-RC1, =6.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.pac4j:pac4j-core and may be impacted: - ai.tock:bot-test =23.9.2 - ai.tock:bot-test-base =23.9.2 - ai.tock:bot-toolkit =23.9.2 -...

7CVSS5.7AI score0.00165EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.12 views

PT-2026-37010

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.9 through 2026.4.9 Description A sender policy bypass exists in the outbound host-media attachment read helper. This issue allows unauthorized local file disclosure when deployments allow host read or filesystem root...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References7
Rows per page
Query Builder