Lucene search
K

1857 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago9 views

Curl 8.15.0 < 8.21.0 SASL Double-Free

The version of curl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.11 views

CVE-2026-10711

Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CafePlus: from 12.05.03 before 12.05.04...

8.8CVSS0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:37 a.m.31 views

CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS0.00386EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 8:17 p.m.13 views

UBUNTU-CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS7.1AI score0.00408EPSS
Exploits1References4
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40785

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

7.1CVSS0.00385EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 8:16 p.m.6 views

GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

7.5CVSS5.6AI score0.00368EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLES15 Security Update : tomcat11 (SUSE-SU-2026:2374-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2374-1 advisory. This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLES15 Security Update : tomcat10 (SUSE-SU-2026:2377-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2377-1 advisory. This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References22
EUVD
EUVD
added 2026/06/12 8:23 p.m.7 views

EUVD-2026-36586

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:14 a.m.10 views

SUSE-SU-2026:2383-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. - CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks...

9.8CVSS5.1AI score0.00563EPSS
Exploits5References27
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-9212

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...

8.3CVSS0.0027EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

RockyLinux 9 : postgresql-jdbc (RLSA-2026:22304)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:22304 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.12 views

PT-2026-45530

Name of the Vulnerable Software and Affected Versions Nextcloud versions 5.5.13 through 5.5.16 Nextcloud versions 6.2.0 through 6.2.2 Description An authenticated user can enumerate other users on the same instance. This is possible because sharing restrictions were not effectively applied to the...

4.3CVSS5.8AI score0.00281EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.16 views

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2026:2076-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2076-1 advisory. This update for samba fixes the following issues Security issues: - CVE-2026-1933: Missing access check on...

9.8CVSS5.8AI score0.12797EPSS
Exploits7References22
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.13 views

Alibaba Cloud Linux 3 : 0137: nginx (ALINUX3-SA-2026:0137)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0137 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41741: NGINX Open Source before...

8.8CVSS8.5AI score0.21621EPSS
Exploits2References7
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.7 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.1 of JeecgBoot contains an authorization vulnerability. This vulnerability stems from an unknown handling of files in the OpenAPI Endpoint component, which may lead to...

6.3CVSS5.8AI score0.00357EPSS
Exploits0References3
OSV
OSV
added 2026/05/23 12:18 a.m.6 views

GHSA-HVV7-HFRH-7GXJ Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 4:16 p.m.20 views

CVE-2026-9084

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS0.00182EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/05/15 3:22 p.m.10 views

Security update for firewalld

This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

6.8CVSS5.8AI score0.00118EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.9 views

CVE-2026-39455 BIG-IP Configuration utility vulnerability

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.8AI score0.003EPSS
Exploits0References1
Rows per page
Query Builder