Lucene search
K

57420 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/01/31 12:0 a.m.8 views

VulnCheck KEV: CVE-2018-11770

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

4.9CVSS5.8AI score0.6583EPSS
In wildExploits2References2
EUVD
EUVD
added 2026/01/30 9:30 p.m.6 views

EUVD-2024-36557

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges...

9.8CVSS5.9AI score0.00603EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.4 views

CVE-2026-1457

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges...

8.8CVSS6.6AI score0.06605EPSS
Exploits1References1
NVD
NVD
added 2026/01/30 7:16 p.m.7 views

CVE-2024-9432

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X...

6.9CVSS0.00091EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/30 6:31 p.m.6 views

CVE-2024-9432 Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica.

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X...

6.9CVSS5.9AI score0.00091EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/30 6:31 p.m.6 views

CVE-2024-9432

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X...

6.9CVSS5.9AI score0.00091EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:20 p.m.31 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.6 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A loc...

9.8CVSS6.8AI score0.08673EPSS
Exploits7Affected Software1
OSV
OSV
added 2026/01/30 4:8 p.m.10 views

CLEANSTART-2026-ZM51114 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.8AI score0.0056EPSS
Exploits1References17
Ubuntu
Ubuntu
added 2026/01/30 3:41 p.m.10 views

USN-7990-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; CVE-2022-49698, CVE-2025-21726, CVE-2025-400...

7.8CVSS7.1AI score0.00283EPSS
Exploits1
Wallarm Lab
Wallarm Lab
added 2026/01/30 1:0 p.m.8 views

Why API Security Is No Longer an AppSec Problem – And What Security Leaders Must Do Instead

APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams – and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit...

6AI score
Exploits0
OSV
OSV
added 2026/01/30 12:27 p.m.7 views

OESA-2026-1249 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...

8.9CVSS6AI score0.00622EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/01/30 11:20 a.m.11 views

Chromium: CVE-2026-1504 Inappropriate implementation in Background Fetch API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.9AI score0.00224EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/30 10:10 a.m.7 views

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

9.8CVSS6.1AI score0.00491EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/30 7:31 a.m.7 views

WordPress EventPrime plugin <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by Deadbee - NA in WordPress Plugin EventPrime versions = 4.2.7.0...

5.3CVSS5.9AI score0.00378EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/30 7:16 a.m.12 views

CVE-2026-0963

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

9.9CVSS0.00681EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/30 6:4 a.m.5 views

CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

9.9CVSS6.5AI score0.00681EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/30 6:4 a.m.27 views

CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

9.9CVSS0.00681EPSS
Exploits0References1
CVE
CVE
added 2026/01/30 6:4 a.m.21 views

CVE-2026-0963

The CVE-2026-0963 entry concerns Crafty Controller's File Operations API Endpoint, where an input neutralization flaw allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. The vulnerability affects the File Operations API Endpoint componen...

9.9CVSS6.5AI score0.00681EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/01/30 5:34 a.m.187 views

Exploit for CVE-2026-1457

CVE-2026-1457: TP-Link VIGI C385 Authenticated Remote Code Exe...

8.5CVSS6.7AI score0.06605EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/01/30 12:26 a.m.8 views

SUSE CVE-2026-1504

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.9AI score0.00224EPSS
Exploits1References3
Rows per page
Query Builder