Lucene search
+L

2273 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WebDyne::Session 安全特征问题漏洞

WebDyne::Session is a server-side component developed by ASPEER’s individual developers, used for session management in web applications. Versions of WebDyne::Session 2.075 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The sessi...

6.5CVSS5.8AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.7 views

PT-2026-38048

Vulnerability in Oracle Java SE component: Install. The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks...

7.3CVSS7.1AI score0.00245EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/05/05 11:58 a.m.30 views

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don't see it. Yo...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/04 4:22 p.m.11 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.7 views

PT-2026-36926

Name of the Vulnerable Software and Affected Versions Boundary Community Edition versions prior to 0.21.3 Boundary Community Edition versions prior to 0.20.3 Boundary Community Edition versions prior to 0.19.5 Boundary Enterprise versions prior to 0.21.3 Boundary Enterprise versions prior to 0.20...

7.5CVSS5.8AI score0.002EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.12 views

PT-2026-36203

Name of the Vulnerable Software and Affected Versions HKUDS OpenHarness affected versions not specified Description A remote code execution issue exists in the '/bridge' slash command. Remote senders accepted by the configuration can execute arbitrary operating system commands. This occurs when t...

8.8CVSS6.6AI score0.00649EPSS
Exploits1References8
AlpineLinux
AlpineLinux
added 2026/04/24 4:54 p.m.3 views

CVE-2026-41079

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...

5.4CVSS5.4AI score0.00409EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/18 1:0 a.m.6 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the providerFlowSignIn process. An attacker can gain unauthorized access to another user's account by exploiting improper handling of email verification status from OAuth providers. This allows the attacker to...

9.8CVSS5.8AI score0.00809EPSS
Exploits1References2
NVD
NVD
added 2026/04/16 7:16 p.m.5 views

CVE-2025-43937

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able ...

6.6CVSS0.00141EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 6:16 a.m.13 views

CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

9.9CVSS0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32937

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

7CVSS5.8AI score0.00687EPSS
Exploits1References4
CNVD
CNVD
added 2026/04/14 12:0 a.m.10 views

Huawei HarmonyOS Communication Module Memory Misreference Vulnerability (CNVD-2026-20004)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS communication module, which can be exploited by an attacker to cause availability to be...

7.5CVSS5.8AI score0.00133EPSS
Exploits0
EUVD
EUVD
added 2026/04/13 6:30 a.m.7 views

EUVD-2026-21860

Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information...

6.5CVSS5.8AI score0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/13 5:9 a.m.2 views

CVE-2026-21008

Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information...

5.1CVSS5.8AI score0.00163EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/13 5:9 a.m.34 views

CVE-2026-21008

Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information...

5.1CVSS0.00163EPSS
Exploits0References1
CVE
CVE
added 2026/04/13 5:9 a.m.19 views

CVE-2026-21008

Technical details (affected software, root cause, exploitability, or fixes) are not provided in the supplied documents. Monitor for updates on CVE-2026-21008 as more details may be released.

6.5CVSS5.8AI score0.00163EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/12 12:28 p.m.4 views

CVE-2019-25703

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...

7.1CVSS6AI score0.00342EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/08 9:32 p.m.3 views

EUVD-2024-46836

The Ultimate Post Kit Addons For Elementor – Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count Static widget in all versions up to, and...

6.4CVSS6.1AI score0.004EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/08 9:20 p.m.4 views

CVE-2026-5888

Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.3AI score0.00258EPSS
Exploits0
EUVD
EUVD
added 2026/04/08 6:33 p.m.6 views

EUVD-2024-33433

The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtraimportxml function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS7.2AI score0.00535EPSS
Exploits0References4
Rows per page
Query Builder