Lucene search
+L

279511 matches found

nvd
nvd
added yesterday6 views

CVE-2026-59865

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota info read x-ms-kiota-info.languagesInformation..dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command,...

9.3CVSS
Exploits0References4
nvd
nvd
added yesterday7 views

CVE-2026-45695

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS0.00109EPSS
Exploits0References4
suse
suse
added yesterday3 views

Security update for rpcbind

This update for rpcbind fixes the following issue Fix several memory leaks and buffer overflow bsc1267212. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...

6.2AI score
Exploits0References2
suse
suse
added yesterday4 views

Security update for rpcbind

This update for rpcbind fixes the following issue Fix several memory leaks and buffer overflow bsc1267212. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...

6.2AI score
Exploits0References2
f5
f5
added yesterday4 views

K000162178: NLnet Labs Unbound vulnerability CVE-2026-40622

Security Advisory Description NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an...

8.7CVSS6AI score0.00171EPSS
Exploits0Affected Software1
cve
cve
added yesterday79 views

CVE-2026-45695

Kopia prior to version 0.23.0 is vulnerable to unauthenticated remote command execution via SSH ProxyCommand Injection when the HTTP server runs with --without-password. An attacker can send requests to /api/v1/repo/exists, causing the server to forward attacker-supplied SFTP storage configuratio...

9.8CVSS6.1AI score0.00109EPSS
Exploits0References4
cvelist
cvelist
added yesterday14 views

CVE-2026-45695 Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS0.00109EPSS
Exploits0References4
euvd
euvd
added yesterday4 views

EUVD-2026-44948

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS6.1AI score0.00109EPSS
Exploits0References4
attackerkb
attackerkb
added yesterday4 views

CVE-2026-45695

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS6.1AI score0.00109EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-45695 Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS6.1AI score0.00109EPSS
Exploits0References4
thn
thn
added yesterday5 views

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earni...

9.8CVSS7.3AI score0.01045EPSS
Exploits2
ibm
ibm
added yesterday12 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.10 released on December 19, 2025 and IBM Datacap version 9.1.9 Interim Fix 008 released on June 15, 2026 Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: JMSSink in all versions of Log4j 1.x is vulnerable to...

9.8CVSS7.2AI score0.66537EPSS
Exploits1Affected Software1
euvd
euvd
added yesterday5 views

EUVD-2026-44933

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota info read x-ms-kiota-info.languagesInformation..dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command,...

9.3CVSS6.2AI score
Exploits0References4
attackerkb
attackerkb
added yesterday4 views

CVE-2026-59865

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota info read x-ms-kiota-info.languagesInformation..dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command,...

9.3CVSS6.2AI score
Exploits0References5Affected Software1
cvelist
cvelist
added yesterday14 views

CVE-2026-59865 Kiota: Command injection via x-ms-kiota-info dependencyInstallCommand surfaced by `kiota info`

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota info read x-ms-kiota-info.languagesInformation..dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command,...

9.3CVSS
Exploits0References4
cve
cve
added yesterday5 views

CVE-2026-59865

Kiota (OpenAPI-based HTTP Client code generator) prior to version 1.32.5 is vulnerable. The issue arises in kiota info where x-ms-kiota-info.languagesInformation..dependencyInstallCommand, along with dependency name/version, could be used to present a spec-supplied command as Kiota’s recommended ...

9.3CVSS6.2AI score
Exploits0References4
redhat
redhat
added yesterday6 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate...

8.8CVSS6.2AI score0.00314EPSS
Exploits0References8
redhat
redhat
added yesterday6 views

Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.1.3 Security Update

Red Hat Edge Manager Version 1.1.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...

10CVSS6.9AI score0.01557EPSS
Exploits3References25
githubexploit
githubexploit
added yesterday33 views

Exploit for OS Command Injection in Apache Activemq

CVE-2026-34197 - Apache ActiveMQ Jolokia Remote Code Execution...

8.8CVSS7.3AI score0.96666EPSS
Exploits14
ossf
ossf
added yesterday4 views

Malicious code in discord-telemetry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b8a926675ed9f43b0067def4bd625208d08a08c8750fd3c2f9f7bfd6138e3d4d During installation, the package downloads and executes a remote executable. Before 0.1.5, the code contained local-only tests of malicious behaviour. ---...

6.3AI score
Exploits0References2
Rows per page
Query Builder