
161618 matches found

Packet Storm
added 2026/06/09 12:0 a.m., 56 views

Meta AI Information Disclosure

Meta AI has publicly accessible hosted files generated through the upload workflow that expose unsanitized object metadata through response headers. The exposed metadata contains uploader-associated information including public IP addresses and additional internal object properties. The issue...

5.5 AI score
Exploits: 0

Tenable Nessus
added 2026/06/09 12:0 a.m., 7 views

Fedora 43 : exim (2026-71b1e9b455)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-71b1e9b455 advisory. This is an update fixing a pre-authentication information disclosure CVE-2026-48840. Tenable has extracted the preceding description block directly from the...

5.3 CVSS, 5.5 AI score, 0.00264 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/06/09 12:0 a.m., 22 views

EulerOS 2.0 SP11 : cups (EulerOS-SA-2026-2199)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a...

7.8 CVSS, 6.3 AI score, 0.00502 EPSS
Exploits: 7, References: 8

Tenable Nessus
added 2026/06/09 12:0 a.m., 10 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2238)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

6.5 CVSS, 7.4 AI score, 0.00333 EPSS
Exploits: 2, References: 4

Cvelist
added 2026/06/09 12:0 a.m., 34 views

CVE-2026-36808

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

0.00309 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/06/09 12:0 a.m., 34 views

CVE-2026-36807

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

0.00309 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/06/09 12:0 a.m., 17 views

PT-2026-47630

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5 CVSS, 6.7 AI score, 0.00401 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2026/06/09 12:0 a.m., 8 views

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2268)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the...

5.3 CVSS, 5.5 AI score, 0.00436 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/06/09 12:0 a.m., 11 views

PT-2026-47779

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

4.9 CVSS, 5.7 AI score, 0.00282 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/06/09 12:0 a.m., 12 views

OpenSSL Security Vulnerability

OpenSSL is an open-source encryption library developed by the OpenSSL team that provides a secure implementation of the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

7.5 CVSS, 5.4 AI score, 0.0032 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/06/09 12:0 a.m., 15 views

PT-2026-47830

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism. This allows an attacker to...

9.1 CVSS, 5.5 AI score, 0.02719 EPSS
Exploits: 0, References: 99

Positive Technologies
added 2026/06/09 12:0 a.m., 11 views

PT-2026-47842

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: When using the AES-OCB cipher with the one-shot EVP Cipher interface, the application-supplied initialisation vector (IV) is silently discarded. This causes every message encrypted with the sam...

7.5 CVSS, 5.6 AI score, 0.00513 EPSS
Exploits: 0, References: 120

Positive Technologies
added 2026/06/09 12:0 a.m., 14 views

PT-2026-47843

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.0 through 3.3. Description: The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data (AAD) when the ciphertext is empty, which allows for the forgery of such messages. In the...

7.5 CVSS, 5.6 AI score, 0.00513 EPSS
Exploits: 0, References: 118

Zero Day Initiative
added 2026/06/09 12:0 a.m., 12 views

Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dodelapikey method. The issue results from the lack of proper...

8.8 CVSS, 7.8 AI score, 0.0819 EPSS
Exploits: 1, References: 1

Zero Day Initiative
added 2026/06/09 12:0 a.m., 9 views

Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dolistapikeys method. The issue results from the lack of proper...

7.2 CVSS, 8.2 AI score, 0.0819 EPSS
Exploits: 1, References: 1

Zero Day Initiative
added 2026/06/09 12:0 a.m., 10 views

Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the apiuser parameter provided to the accessv2 endpoin...

9.8 CVSS, 7.8 AI score, 0.0819 EPSS
Exploits: 1, References: 1

Snyk
added 2026/06/09 12:0 a.m., 4 views

User Impersonation

Overview: org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to User Impersonation via username extraction in SubjectDnX509PrincipalExtractor. An attacker...

8.1 CVSS, 5.4 AI score, 0.00116 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/09 12:0 a.m., 14 views

Taier Authorization Issue Vulnerability

Taier is a distributed scheduling system open-sourced by DTStack. It aims to reduce the costs of ETL processes, clarify complex dependencies between tasks, and lower labor costs related to submission, scheduling, and operations. Versions of Taier 1.4.0 and earlier have vulnerabilities related to...

7.5 CVSS, 7.5 AI score, 0.00401 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/06/09 12:0 a.m., 11 views

WordPress plugin WPForms Security Vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a security vulnerability in the WPForms plugin. This vulnerability stems from...

5.3 CVSS, 6 AI score, 0.00197 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/09 12:0 a.m., 8 views

Catalyst-Plugin-Authentication Authorization Issue Vulnerability

Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10027 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the lack of automatic session ID changes after...

9.1 CVSS, 5.3 AI score, 0.00369 EPSS
Exploits: 0, References: 1