Lucene search
K

57361 matches found

Ubuntu
Ubuntu
added 2026/02/06 5:34 p.m.7 views

USN-8015-3: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698, CVE-2025-40019...

8.8CVSS8.2AI score0.00391EPSS
Exploits2
OSV
OSV
added 2026/02/06 5:34 p.m.5 views

USN-8015-3 linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698, CVE-2025-40019...

8.8CVSS6.7AI score0.00391EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/06 5:13 p.m.18 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.1 Vulnerability Details CVEID:CVE-2023-39804 DESCRIPTION: In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVSS Source: IBM X-Force CVSS Base...

8.6CVSS6.8AI score0.01082EPSS
Exploits3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 4:22 p.m.7 views

CVE-2026-2103 Use of Hard-Coded Cryptographic Key for Password Storage

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

7.1CVSS5.4AI score0.00097EPSS
Exploits1References1
CVE
CVE
added 2026/02/06 4:22 p.m.15 views

CVE-2026-2103

Infor SyteLine ERP is affected by CVE-2026-2103 due to hard-coded static cryptographic keys used to encrypt stored credentials (passwords, DB connection strings, API keys). The keys are identical across all installations, enabling an attacker with access to the application binary and database to ...

7.8CVSS5.4AI score0.00097EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/02/06 3:54 p.m.4 views

OESA-2026-1289 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...

8.9CVSS5.7AI score0.02667EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.26 views

CVE-2026-1294

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

7.2CVSS5.6AI score0.00293EPSS
Exploits0References1
NCSC
NCSC
added 2026/02/06 9:25 a.m.12 views

Vulnerability fixed in SmarterTools SmarterMail

SmarterTools has fixed vulnerabilities in SmarterMail. A malicious party could exploit the vulnerabilities to bypass authentication and execute arbitrary code with administrator privileges, and possibly SYSTEM. For successful abuse, the malicious party must have access to the API interface...

9.8CVSS6.2AI score0.96268EPSS
Exploits3References1
Snyk
Snyk
added 2026/02/06 7:7 a.m.5 views

Malicious Package

Overview syf-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/02/06 7:6 a.m.5 views

Malicious Package

Overview syf-api-legacy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
NVD
NVD
added 2026/02/06 6:15 a.m.8 views

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 5:47 a.m.27 views

CVE-2026-0598 Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS0.00222EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/06 5:47 a.m.6 views

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS4.9AI score0.00222EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 5:47 a.m.32 views

CVE-2026-0598

The connected PT-2026-6676 entry confirms a vulnerability in the Ansible Lightspeed API conversation endpoints used for AI chat interactions. Affected component: the conversation endpoints within Ansible Lightspeed API. Root cause:broken object-level authorization that fails to verify that the co...

4.2CVSS5.3AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/06 5:47 a.m.6 views

EUVD-2026-5677

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS5.3AI score0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6676

Name of the Vulnerable Software and Affected Versions Ansible Lightspeed affected versions not specified Description The Ansible Lightspeed API conversation endpoints, which manage AI chat interactions, do not adequately confirm if a conversation identifier corresponds to the authenticated user...

4.2CVSS5.4AI score0.00222EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.7 views

PT-2026-6774

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager contains a critical Error-Based SQL Injection issue within the Scadenzario Payment Schedule module’s bulk operations handler. The application does not properly validate that...

8.7CVSS6.2AI score0.00356EPSS
Exploits4References7
Vulnrichment
Vulnrichment
added 2026/02/06 12:0 a.m.4 views

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

5.4AI score0.00267EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6794

Name of the Vulnerable Software and Affected Versions DeepAudit versions prior to 3.0.5 Description An improper access control issue exists in DeepAudit versions 3.0.4 and earlier. The /api/v1/users/ API endpoint allows any authenticated user to enumerate all users within the system. This allows...

5.3CVSS5.4AI score0.00209EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

DeepAudit 安全漏洞

DeepAudit is an automated vulnerability auditing tool developed by lintsinghua’s individual developers. Versions of DeepAudit 3.0.4 and earlier contain security vulnerabilities. These vulnerabilities stem from improper access control on the /api/v1/users endpoint, which may allow any authenticate...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References3
Rows per page
Query Builder