Lucene search
K

102810 matches found

Debian CVE
Debian CVE
added 2026/06/14 3:49 a.m.9 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.3AI score0.00291EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 9:37 p.m.65 views

ember

🔥 Ember AI systems burn brightly but hide their secrets. Em...

5.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/12 9:2 p.m.15 views

ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing

Summary The DER parser used for application-supplied private keys did not safely validate encoded length values before converting them to Int values or allocating arrays. A malformed private-key file could encode a length that overflowed or wrapped around, or request an allocation much larger tha...

5.4AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/12 8:16 p.m.13 views

CVE-2026-42890

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS0.00126EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.10 views

CVE-2026-47248

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

6.9CVSS0.00291EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/12 2:55 p.m.9 views

CVE-2026-50020

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all...

5.3CVSS5.3AI score0.00232EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/12 2:45 p.m.9 views

CVE-2026-48748

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...

7.5CVSS5.3AI score0.00366EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/12 2:16 p.m.9 views

CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.2AI score0.00256EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/12 2:12 p.m.9 views

CVE-2026-45536

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has...

4CVSS5.3AI score0.00136EPSS
Exploits0
EUVD
EUVD
added 2026/06/12 2:5 p.m.11 views

EUVD-2026-36434

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

9.8CVSS5.2AI score0.00353EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 8:0 a.m.6 views

CVE-2026-11535

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device...

9.4CVSS5.3AI score0.00151EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/12 7:45 a.m.11 views

Vulnerabilities hidden in Fortinet FortiPortal

Fortinet identified a vulnerability in FortiPortal versions 7.0 through 7.4.7. The vulnerability relates to the FortiPortal API endpoints, where an external attacker with organizational user privileges could access sensitive network configuration data through specially crafted HTTP requests. Thes...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/12 3:47 a.m.67 views

ethical-hacking-security-labs

Ethical Hacking & Network Security Lab Portfolio A hands-on...

10CVSS8AI score0.96184EPSS
Exploits30
GithubExploit
GithubExploit
added 2026/06/12 2:44 a.m.62 views

websec-skills

websec-skills Web Security Vulnerability Testing Skills Set,...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-49068

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.7 Description An authenticated user can create a public share for an arbitrary path that does not yet exist. The system stores the share record without verifying the file's existence. Consequently, if a file...

8.4CVSS6AI score0.00175EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.15 views

EulerOS Virtualization 2.13.1 : binutils (EulerOS-SA-2026-2367)

According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of- bounds read in the bfd...

7.5CVSS6.3AI score0.00256EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS6.1AI score0.00743EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mistral vulnerability (USN-8422-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8422-1 advisory. Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints...

9.9CVSS6.1AI score0.00733EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

SAP NetWeaver AS Java Directory Traversal (3727078)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a directory traversal vulnerability as referenced in SAP Security Note 3727078: - SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon...

9CVSS5.4AI score0.00454EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 8:16 p.m.14 views

CVE-2026-49949

CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests...

6CVSS0.00253EPSS
Exploits0References4
Rows per page
Query Builder