Lucene search
K

423 matches found

Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Podman 1.8.1 < 5.8.4 / 6.0.0 Host Environment Variable Leak (GHSA-4hq8-gpf5-8p68)

The version of Podman installed on the remote host is prior to 5.8.4 / 6.0.0. It is, therefore, affected by an information disclosure vulnerability. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a...

7.5CVSS6.2AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-56001

Name of the Vulnerable Software and Affected Versions Genetec Security Center versions 5.14.0.0 through 5.14.178.17 Description A flaw in the authentication mechanism for video stream requests may allow an unauthenticated attacker to access live video streams. Recommendations Update Genetec...

7.5CVSS6.1AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55537

Name of the Vulnerable Software and Affected Versions Prospero Flow CRM versions prior to 5.5.3 Description An authorization bypass exists in the CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php via the GET '/calendar/event/delete/id' endpoint. A remot...

6.9CVSS6AI score0.00403EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-274 Apache Airflow Hive Provider vulnerable to Command Injection

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider before 5.0.0...

9.8CVSS7.3AI score0.0322EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 2:16 p.m.6 views

CVE-2026-49506

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

7.2CVSS0.00548EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:28 p.m.35 views

CVE-2026-41120

CVE-2026-41120 affects Dell Wyse Management Suite prior to 5.5 HF1. The vulnerability is described as an Acceptance of Extraneous Untrusted Data With Trusted Data, enabling a low-privilege, remote attacker to potentially achieve Remote Code Execution. The connected sources indicate the fix is ava...

9.8CVSS6AI score0.00255EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 3:16 p.m.9 views

CVE-2026-11877

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

7.5CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:53 p.m.23 views

CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

6.5CVSS0.00272EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux

A issue was discovered in netfilter within the Linux kernel before version 5.10. There may be a use-after-free situation in the packet processing context, as the per-CPU sequence count is mishandled during concurrent iptables rule replacements. This vulnerability could be exploited with the...

6.7CVSS6.6AI score0.00444EPSS
Exploits1References2
OSV
OSV
added 2026/06/17 10:12 p.m.2 views

CVE-2024-27928 Vantage6: 2FA can be circumvented with hacked email access

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that...

5.9CVSS5.9AI score0.00278EPSS
Exploits0References5
NVD
NVD
added 2026/06/14 8:16 a.m.17 views

CVE-2025-15546

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.4CVSS0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...

8.6CVSS6AI score0.01049EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

go-billy 路径遍历漏洞

Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path traversal issues in multiple components. Insufficient path cleaning and boundary enforcement may lead ...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:0 a.m.10 views

CVE-2025-67903

Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass...

5.8AI score0.00183EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

An improper update of the reference count vulnerability in the net/sched component of the Linux kernel allows a local attacker to escalate privileges to root. This issue affects Linux Kernel versions prior to 5.18, as well as version 4.14 and later versions...

7.8CVSS6.6AI score0.01039EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux

A use-after-free occurred in the function hcisockboundioctl of the Linux kernel’s HCI subsystem. This issue arises when the user calls ioct HCIUNBLOCKADDR, or when the call to hciunregisterdev triggers a race condition, along with the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo...

6.9CVSS6.7AI score0.0037EPSS
Exploits1References1
CVE
CVE
added 2026/05/17 12:11 p.m.19 views

CVE-2018-25324

The CVE-2018-25324 entry concerns the WordPress plugin Simple Fields versions 0.2–0.3.5, which contains a local file inclusion (LFI) flaw via the wp_abspath parameter. Unauthenticated attackers can read arbitrary files (e.g., /etc/passwd) by injecting null bytes into wp_abspath on PHP versions be...

6.9CVSS6.5AI score0.00533EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 3:10 a.m.15 views

EUVD-2026-30212

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 10:16 a.m.18 views

CVE-2026-22925

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause denial-of-service conditions by...

8.7CVSS0.00324EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.23 views

CVE-2026-22924

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...

9.1CVSS0.003EPSS
Exploits0References1
Rows per page
Query Builder