Lucene search
K

61538 matches found

CVE
CVE
added 2 days ago11 views

CVE-2026-46455

CVE-2026-46455 affects Apache Camel with the camel-keycloak component. The security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) that only enforces subject and issuer, but omits the default IS_ACTIVE check. Consequently, the verifie...

9.8CVSS6AI score0.00319EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2 days ago4 views

golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...

9.1CVSS6AI score0.00469EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago9 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2 days ago3 views

pnpm 11.3.x < 11.5.3 Stage Download Path Traversal (CVE-2026-55700)

The version of pnpm installed on the remote host is 11.3.x prior to 11.5.3. It is, therefore, affected by a path traversal vulnerability: - From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could...

7.1CVSS6AI score0.00267EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-55963

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The FontFile.compile function in the PIL/FontFile.py module fails to call Image. decompression bomb check when assembling per-glyph images into a combined bitmap using Image.new"1", xsize, ysize. Thi...

7.5CVSS6AI score0.00342EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56068

Name of the Vulnerable Software and Affected Versions Coder versions 2.17.0 through 2.29.6 Coder versions 2.32.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The POST /api/v2/files endpoint converts zip uploads to tar in memory using the...

6.5CVSS6.4AI score
Exploits0References9
CVE
CVE
added 3 days ago10 views

CVE-2026-10657

Zephyr Project's DNS resolver contains an out-of-bounds read in the mDNS suffix check (dns_resolve_name_internal), using memcmp(strrchr(query, '.'), ".local", 7). If the final label is shorter than 7 bytes (or there is a trailing dot), the comparison may read past the NUL and fault on tight buffe...

3.7CVSS6.2AI score0.00226EPSS
Exploits0References2
NVD
NVD
added 3 days ago8 views

CVE-2026-14714

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...

6.9CVSS0.00453EPSS
Exploits0References7
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41708

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS5.5AI score0.0024EPSS
Exploits0References6
CVE
CVE
added 3 days ago13 views

CVE-2026-14686

Technical details about this CVE are not publicly available in the provided documents. Monitor for updates.

4.8CVSS5.5AI score0.0024EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-14686 HdrHistogram Range Check DoubleHistogram.java org.HdrHistogram.DoubleHistogram.recordValue comparison

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS0.0024EPSS
Exploits0References6
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-14686

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS5.5AI score0.0024EPSS
Exploits0
CVE
CVE
added 4 days ago13 views

CVE-2026-14634

Summary (CVE-2026-14634) The vulnerability exists in kirilkirkov’s Ecommerce-CodeIgniter-Bootstrap (up to commit 213babdbaa949e94557246414db0130e01394517) and affects the function checkForPostRequests in the file application/core/MY_Controller.php for the Subscribed Emails Admin Page. Manipulatio...

5.3CVSS4.1AI score0.00288EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...

8.8CVSS0.00328EPSS
Exploits0References4
NVD
NVD
added 4 days ago8 views

CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS0.0015EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-58299

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS0.00276EPSS
Exploits0References1
NVD
NVD
added 5 days ago3 views

CVE-2026-26247

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

9.1CVSS0.00166EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41572

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00276EPSS
Exploits0References1
Rows per page
Query Builder