Lucene search
K

91 matches found

EUVD
EUVD
added 2026/06/10 6:8 a.m.9 views

EUVD-2026-35989

A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...

6.9CVSS5.4AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.9 views

EUVD-2026-35907

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through...

5.3CVSS5.5AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 11:49 p.m.7 views

CVE-2026-41730 Spring Data REST exposes persistence-layer internals in error responses

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through...

5.3CVSS5.5AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:49 p.m.19 views

CVE-2026-41730

Spring Data REST is the affected component. The CVE describes that it serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence‑layer internals to HTTP clients. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4.4.14; 4...

5.3CVSS5.5AI score0.00197EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/30 2:7 p.m.3 views

CVE-2026-28527

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GETPLAYERAPPLICATIONSETTINGATTRIBUTETEXT and GETPLAYERAPPLICATIONSETTINGVALUETEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...

3.5CVSS5.9AI score0.00157EPSS
Exploits0References3
OSV
OSV
added 2026/03/01 12:0 a.m.8 views

ASB-A-483074618

In multiple locations, there is a possible way to access unexpected data due to multiple causes. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1CVSS6.1AI score0.00165EPSS
Exploits2References2
HackRead
HackRead
added 2026/02/23 10:50 p.m.6 views

Data Breaches in 2026: What’s old, what’s new?

Data breaches in 2026 explained, new cyber threats, AI driven attacks, common breach causes, and practical security strategies for individuals and businesses...

5.5AI score
Exploits0
MSRC
MSRC
added 2026/02/09 12:0 a.m.8 views

Fixing the script: Journey to reduce XSS exposure

Cross‑site scripting XSS remains one of the most frequently reported web vulnerabilities—not because developers are unaware of it, but because many deployed mitigations address symptoms rather than root causes. Across vulnerability reports and incident response investigations, both within Microso...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.8 views

SmartSoft SmartFTP Client security vulnerabilities

SmartSoft SmartFTP Client is a file transfer software client developed by SmartSoft Corporation. Version 10.0.2909.0 of SmartSoft SmartFTP Client contains security vulnerabilities. These vulnerabilities stem from multiple denial-of-service vulnerabilities, which may lead to the application crashi...

7.5CVSS5.8AI score0.00467EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

Celestial AbsoluteTelnet Buffer Error Vulnerability

Celestial AbsoluteTelnet is a Telnet/SSH terminal client software developed by the American company Celestial. Version 11.24 of Celestial AbsoluteTelnet contains a buffer error vulnerability. This vulnerability stems from manipulating the username and error report fields, which could allow local...

6.7CVSS6AI score0.00174EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.10 views

CVE-2023-43502

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

4.3CVSS6.7AI score0.00339EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/11/12 12:0 a.m.8 views

SecTracer: A Framework for Uncovering the Root Causes of Network Intrusions Via Security Provenance

Modern enterprise networks comprise diverse and heterogeneous systems that support a wide range of services, making it challenging for administrators to track and analyze sophisticated attacks such as advanced persistent threats APTs, which often exploit multiple vectors. To address this challeng...

6.8AI score
Exploits0
NVD
NVD
added 2025/10/21 8:20 p.m.7 views

CVE-2025-53068

Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the...

6.5CVSS0.00134EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.7 views

Mattermost Desktop App 安全漏洞

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.13.0 and earlier, which originates from an unauthenticated external URL and could allow an attacker to crash the application by sending a specially...

6.5CVSS6.7AI score0.0027EPSS
Exploits0References2
Filippo.io
Filippo.io
added 2025/10/10 2:33 p.m.7 views

A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises

Lack of memory safety is such a predominant cause of security issues that we have a responsibility as professional software engineering to robustly mitigate it in security-sensitive use cases—by using memory safe languages. Similarly, I have the growing impression that software supply chain...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.6 views

An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software

Cooperative, Connected and Automated Mobility CCAM are complex cyber-physical systems CPS that integrate computation, communication, and control in safety-critical environments. At their core, System-on-Chip SoC platforms consolidate processing units, communication interfaces, AI accelerators, an...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.6 views

PT-2025-46739

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's crypto/skcipher implementation related to the handling of request sizes. A change introduced by commit afddce13ce81d added the cra reqsize field in th...

4.6CVSS5.5AI score0.00517EPSS
Exploits4References389
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-3290

Malicious code in bioql PyPI...

7.1CVSS8.7AI score0.0022EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/09/22 12:0 a.m.4 views

Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities

Given their vital importance for governments and enterprises around the world, we need to trust public clouds to provide strong security guarantees even in the face of advanced attacks and hardware vulnerabilities. While transient execution vulnerabilities, such as Spectre, have been in the...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/21 12:0 a.m.7 views

SMB Kerberos Not Working

The scan was configured to use Kerberos for Windows authentication, but Kerberos failed at least once for this host. There are many causes for Kerberos failure in a Windows environment. They include: Lack of time synchronization between the DC, scanner and target. DC or targets were not specified...

5.5AI score
Exploits0References1
Rows per page
Query Builder