Lucene search
K

5475 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-33803 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...

6.9CVSS0.00354EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42536

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Juniper Junos OS Vulnerability (JSA110078)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA110078 advisory. - An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacke...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2012-0501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and...

5CVSS6.9AI score0.03588EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 5:23 p.m.7 views

CVE-2026-14631

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS6AI score0.00308EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 5:16 p.m.12 views

CVE-2026-10654

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS0.00128EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-381 Langroid has a Code Injection vulnerability in TableChatAgent

Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...

9.8CVSS5.8AI score0.00741EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/25 4:48 a.m.5 views

EUVD-2026-39180

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 3:36 p.m.4 views

CVE-2025-61025

A flaw was found in virtuoso-opensource. Attackers can exploit this vulnerability by sending specially crafted SQL statements, which can lead to a Denial of Service DoS. This issue impacts the availability of the affected system...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/23 12:13 p.m.9 views

CVE-2026-56762 Hono - Missing Cookie Name Validation in setCookie()

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the JFS filesystem code within the Linux kernel, which allows a local attacker to cause the system to panic by enabling the ability to set extended attributes. This can lead to memory corruption or an escalation of privileges. The most significant threat posed by this...

7.8CVSS6.6AI score0.00788EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.51 views

Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)

Question Security Bulletin: Dirty COW Vulnerability CVE-2016-5195 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

7.2CVSS7.1AI score0.83524EPSS
Exploits82Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.13 views

eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name

A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...

6.9CVSS5.3AI score0.00238EPSS
Exploits1References7
NVD
NVD
added 2026/06/17 10:54 a.m.11 views

CVE-2026-46922

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligenc...

7.2CVSS0.00453EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.17 views

CVE-2026-46882

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise ...

9.8CVSS0.00473EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46863

Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows...

7.5CVSS0.00471EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49971

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.4.0 through 8.4.9 MySQL Server versions 9.0.0 through 9.7.0 MySQL Cluster versions 8.0.11 through 8.0.46 MySQL Cluster versions 8.4.0 through 8.4.9 MySQL Cluster versions 9.0.0 through 9.7.0 Description An issue exists ...

7.5CVSS5.8AI score0.00471EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-49915

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture version 12.2.1.4.0 Oracle WebCenter Enterprise Capture version 14.1.2.0.0 Description An issue exists in the Client Bundle component of the Oracle WebCenter Enterprise Capture product within Oracle Fusion...

9.9CVSS5.9AI score0.00402EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 10:20 p.m.32 views

CVE-2026-47213

Summary (CVE-2026-47213 / BoxLite) BoxLite’s execution timeout mechanism is vulnerable due to sending SIGALRM (catchable) to terminate a timed process instead of SIGKILL (uncatchable). The Timeout watcher invokes a sleep, then calls kill with SIGALRM, while the code comments indicate SIGKILL shou...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References2
Rows per page
Query Builder