Lucene search
K

161467 matches found

Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.11 views

PT-2026-48635

Name of the Vulnerable Software and Affected Versions ABB Freelance versions 2013 through 2024 Description An authentication bypass issue exists in ABB Freelance due to a primary weakness. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

7.1CVSS5.9AI score0.00116EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.12 views

PT-2026-48696

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.10 views

PT-2026-48674

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

7.5CVSS5.4AI score0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...

8.5CVSS5.4AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

ClipBucket V5 SQL注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 132 – contained an SQL injection vulnerability. This vulnerability stemmed from the number parameter in the POST /actions/subtitleedit.php reques...

8.8CVSS5.6AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

389 Directory Server 输入验证错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...

7.6CVSS6.3AI score0.00539EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48628

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description Gitea fails to enforce OAuth2 access token scopes when a token is submitted via HTTP Basic authentication instead of a Bearer token. This occurs because the authentication process in...

8.1CVSS5.3AI score0.00043EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

IBM Langflow 安全漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.1 of IBM Langflow contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Tomcat vulnerabilities (USN-8417-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8417-1 advisory. It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request...

9.8CVSS8.2AI score0.01339EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References2
Saint
Saint
added 2026/06/11 12:0 a.m.27 views

Ivanti Sentry handleMessage authentication bypass and command execution

Added: 06/11/2026 Background Ivanti Sentry, formerly MobileIron Sentry, is an in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. Problem An authentication bypass and command execution vulnerability in the handleMessage endpoint...

10CVSS6.5AI score0.98937EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-42189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of- service vulnerability exists in the server's...

7.5CVSS5.6AI score0.00481EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-49052

Name of the Vulnerable Software and Affected Versions Allegra affected versions not specified Description A flaw in the downloadAttachment method allows remote attackers to execute arbitrary scripts on affected installations. This occurs due to insufficient validation of user-supplied data,...

4.6CVSS5.4AI score0.00225EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.52 views

📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass

This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...

7.3CVSS5.5AI score0.00283EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48620

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Integration paths between Spring W...

5.3CVSS5.8AI score0.00366EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth...

5.3CVSS5.6AI score0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.10 views

PT-2026-48684

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.48 Traefik versions prior to 3.6.19 Traefik versions prior to 3.7.3 Description An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...

7.8CVSS5.3AI score0.00591EPSS
Exploits2References13
Cloud Foundry
Cloud Foundry
added 2026/06/11 12:0 a.m.11 views

CVE-2026-41005 - UAA accepts SAML Encrypted Assertions authentication bypass | Cloud Foundry

Severity CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 9.0 / Critical CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H 9.5 / Critical Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v2.0.0 through v78.13.0 incorrectly treated XML encryption to the Service...

9CVSS5.4AI score0.00131EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/06/11 12:0 a.m.8 views

chromium -- security fixes

Chrome Releases reports: This update includes 33 security fixes: 516496659 Critical CVE-2026-12437: Use after free in WebShare. 516947912 Critical CVE-2026-12438: Inappropriate implementation in WebView. 519728275 Critical CVE-2026-12439: Use after free in Digital Credentials. 519731619 Critical...

9.6CVSS5.5AI score0.00601EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 11:16 p.m.8 views

CVE-2026-47165

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...

4.1CVSS0.00109EPSS
Exploits0References1
Rows per page
Query Builder