Lucene search
K

192404 matches found

Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.8 views

PT-2026-28671

Name of the Vulnerable Software and Affected Versions code-projects Simple Laundry System version 1.0 Description A security flaw exists in code-projects Simple Laundry System 1.0. The issue affects an unknown function within the file /modstaffinfo.php of the Parameter Handler component...

7.5CVSS5.8AI score0.00393EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2026/03/27 12:0 a.m.3 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.8AI score0.00338EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28585

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.7 Description WeGIA is a web manager for charitable institutions. Versions prior to 3.6.7 contain a flaw in the html/socio/sistema/deletar tag.php file. This file utilizes the extract$ REQUEST function on line 14, a...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28278

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...

6.9CVSS5.9AI score0.00497EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.6 views

PT-2026-28460

Name of the Vulnerable Software and Affected Versions wazuh-manager versions prior to 4.7.4 Description The authd service in Wazuh Manager contains an improper restriction of client-initiated SSL/TLS renegotiation. This allows remote attackers to cause a denial of service by sending excessive...

7.5CVSS5.8AI score0.00422EPSS
Exploits0References5
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Medium: lcms2

Issue Overview: A heap buffer overflow vulnerability has been identified in thesmooth2 in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color...

7.5CVSS6AI score0.00844EPSS
Exploits0
CVE
CVE
added 2026/03/27 12:0 a.m.7 views

CVE-2026-30569

CVE-2026-30569 affects SourceCodester Sales and Inventory System 1.0. The flaw is a reflected XSS in view_stock_availability.php triggered through the limit parameter, with the app failing to sanitize input. This enables an attacker to inject arbitrary script/HTML via a crafted URL. CVSSv3.1 base...

6.1CVSS6AI score0.00266EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.13 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities within the Spring ecosystem. Versions of VMware Spring AI prior to 1.0.5 and 1.1.4 contained security vulnerabilities. These vulnerabilities...

9.8CVSS5.8AI score0.00821EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/27 12:0 a.m.2 views

CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/03/27 12:0 a.m.7 views

strongSwan CVE-2026-25075 Vulnerability Assessment Tool

This tool allows you to safely detect whether a strongSwan VPN server is vulnerable to CVE-2026-25075 without causing any disruption. CVE-2026-25075 is an integer underflow vulnerability in strongSwan's EAP-TTLS plugin that allows remote, unauthenticated attackers to crash the IKE daemon through ...

8.7CVSS5.9AI score0.01013EPSS
Exploits2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

SourceCodester Inventory System 跨站脚本漏洞

The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the limit parameter in the viewsales.php file. It is...

6.1CVSS5.8AI score0.00266EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability that can be exploited under certain conditions, leading to a replay attack, which may allow attackers to log in as users...

6.8CVSS5.8AI score0.00338EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/27 12:0 a.m.4 views

CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

7.4CVSS5.9AI score0.00392EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it is an open-source tool used for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 had a data manipulation vulnerability...

7.5CVSS5.7AI score0.00339EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 12:0 a.m.3 views

UBUNTU-CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

5.3CVSS5.9AI score0.00286EPSS
Exploits1References3
Redos
Redos
added 2026/03/27 12:0 a.m.4 views

ROS-20260327-73-0006

A vulnerability in the Golang programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS7.1AI score0.01945EPSS
Exploits0
OSV
OSV
added 2026/03/27 12:0 a.m.4 views

UBUNTU-CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

7.4CVSS5.8AI score0.00392EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.5 views

Aqua Security Trivy 0.69.4 Supply Chain Compromise (GHSA-69fq-xp46-6x23)

The version of Aqua Security Trivy installed on the remote host is 0.69.4. This version was published by a threat actor using compromised credentials as part of a supply chain attack. The malicious release contains credential-stealing malware designed to exfiltrate secrets such as SSH keys, cloud...

9.4CVSS6.1AI score0.60368EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication...

8.8CVSS5.9AI score0.00347EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.2 views

SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2026:1058-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1058-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to 'MadeYouReset' DoS attack bsc1243895. -...

10CVSS7.1AI score0.99999EPSS
Exploits107References94
Rows per page
Query Builder