Lucene search
K

1452 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-57215

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...

8.8CVSS0.00245EPSS
Exploits1References6
CVE
CVE
added 4 days ago12 views

CVE-2026-57215

RabbitMQ vulnerability CVE-2026-57215 affects the broker’s binding logic for amq.rabbitmq.reply-to destinations. Before fixes, volatile direct-reply-to queues could be bound and routed even if not properly checked by Khepri-backed deletion checks, leaving persistent route entries after unbind. Af...

8.8CVSS6.1AI score0.00245EPSS
Exploits1References6Affected Software1
NVD
NVD
added 6 days ago6 views

CVE-2026-54782

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS0.00246EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-54782 CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS0.00246EPSS
Exploits0References6
Fedora
Fedora
added 6 days ago24 views

[SECURITY] Fedora 43 Update: python-pillow-jxl-plugin-1.3.7-2.fc43

Pillow plugin for JPEG-XL, using Rust for bindings...

5.9AI score
Exploits0
Fedora
Fedora
added 6 days ago17 views

[SECURITY] Fedora 43 Update: python-cramjam-2.11.0-12.fc43

Thin Python bindings to de/compression algorithms in Rust...

5.9AI score
Exploits0
Fedora
Fedora
added 6 days ago15 views

[SECURITY] Fedora 44 Update: python-pillow-jxl-plugin-1.3.7-2.fc44

Pillow plugin for JPEG-XL, using Rust for bindings...

5.9AI score
Exploits0
Fedora
Fedora
added 6 days ago13 views

[SECURITY] Fedora 44 Update: python-cramjam-2.11.0-12.fc44

Thin Python bindings to de/compression algorithms in Rust...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/07/06 2:55 p.m.15 views

[SECURITY] Fedora 44 Update: rust-gtk4-macros-0.11.4-2.fc44

Macros helpers for GTK 4 bindings...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/07/06 2:55 p.m.17 views

[SECURITY] Fedora 44 Update: python-rpds-py-0.29.0-4.fc44

Python bindings to the Rust rpds crate...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/06 1:23 p.m.9 views

Security Bulletin: Multiple Vulnerabilities in IBM Bob

Summary Multiple vulnerabilities were addressed in IBM Bob V 2.0 Vulnerability Details CVEID:CVE-2026-41676 DESCRIPTION: rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it...

9.8CVSS7.8AI score0.00412EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2026/07/03 3:16 a.m.8 views

SUSE CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

6.5CVSS6AI score0.00298EPSS
Exploits0References13
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40429

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40627

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...

8.7CVSS5.7AI score0.00341EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.6 views

CVE-2026-56247

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:8 p.m.19 views

CVE-2026-56247

Capgo prior to version 12.128.2 contains a privilege-escalation flaw where org admins can assign org-scoped RBAC roles at the app scope without validating role-scope compatibility, including assignments to pending invitees . Attackers can pre-seed malformed high-privilege bindings that survive in...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.23 views

CVE-2026-56219 Capgo - Unauthenticated RBAC Bindings and Email Disclosure via get_org_user_access_rbac NULL-auth Bypass

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...

8.7CVSS0.00341EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.11 views

CVE-2026-56219

Capgo before 12.128.2 contains a NULL-auth bypass in public.get_org_user_access_rbac that allows unauthenticated attackers to disclose RBAC role bindings and member email addresses. The issue arises from improper NULL comparison in the authorization gate, enabling disclosure of organization membe...

8.7CVSS5.7AI score0.00341EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-MIN-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS7.1AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS7.1AI score0.00405EPSS
Exploits0References2
Rows per page
Query Builder