52649 matches found

ATTACKERKB
added 2026/06/08 7:09 p.m., 7 views

CVE-2026-46484

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

CVSS 8.1 | AI score 5.4 | EPSS 0.00374
Exploits 0 | References 4 | Affected Software 1

NVD
added 2026/06/08 6:16 p.m., 13 views

CVE-2026-8913

A command injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

CVSS 8.5 | EPSS 0.00907
Exploits 0 | References 3

Vulnrichment
added 2026/06/08 5:21 p.m., 18 views

CVE-2026-8913 Command Injection in TP-Link's Archer MR600 WireGuard Client Configuration

A command injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

CVSS 8.5 | AI score 6 | EPSS 0.00907
Exploits 0 | References 3

ATTACKERKB
added 2026/06/08 5:21 p.m., 8 views

CVE-2026-8913

A command injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

CVSS 8.5 | AI score 6 | EPSS 0.00907
Exploits 0 | References 4

OSV
added 2026/06/08 5:16 p.m., 12 views

DEBIAN-CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

CVSS 6.5 | AI score 5.4 | EPSS 0.00244
Exploits 0 | References 1

IBM Security Bulletins
added 2026/06/08 4:37 p.m., 7 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Server-side Request Forgery CVE-2026-1180

Summary: Keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation. Vulnerability Details: CVEID: CVE-2026-1180. DESCRIPTION: A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjw...

CVSS 5.8 | AI score 5.6 | EPSS 0.00363
Exploits 0 | Affected Software 1

ATTACKERKB
added 2026/06/08 4:17 p.m., 5 views

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

CVSS 6.5 | AI score 5.4 | EPSS 0.00244
Exploits 0 | References 4

ATTACKERKB
added 2026/06/08 3:20 p.m., 5 views

CVE-2026-49755

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...

CVSS 8.2 | AI score 5.5 | EPSS 0.00438
Exploits 0 | References 5 | Affected Software 1

CVE
added 2026/06/08 3:05 p.m., 27 views

CVE-2020-37248

OfflineIMAP prior to version 8.0.3 is affected by a STARTTLS trust issue: the client trusts the server’s STARTTLS capability before authentication, enabling man-in-the-middle attacks that can exfiltrate credentials in cleartext. This vulnerability can enable an attacker to take over the connectio...

CVSS 6.5 | AI score 5.5 | EPSS 0.00186
Exploits 0 | References 5

RedHat Linux
added 2026/06/08 2:21 p.m., 17 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.1 | AI score 5.5 | EPSS 0.00378
Exploits 4 | References 4

OSV
added 2026/06/08 1:54 p.m., 7 views

JLSEC-2026-604

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

CVSS 8.8 | AI score 5.7 | EPSS 0.00464
Exploits 0 | References 1

OSV
added 2026/06/08 1:29 p.m., 2 views

CLEANSTART-2026-XP87070 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-35206, ghsa-f6x5-jh6r-wrfv, ghsa-hr2v-4r36-88hr, ghsa-j5w8-q4qc-rx2x, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 0.8.10-r0, 0.8.11-r0, 0.8.4-r0

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 | AI score 5.9 | EPSS 0.00728
Exploits 0 | References 15

OSV
added 2026/06/08 1:29 p.m., 3 views

CLEANSTART-2026-US10263 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-35206, ghsa-f6x5-jh6r-wrfv, ghsa-hr2v-4r36-88hr, ghsa-j5w8-q4qc-rx2x, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 0.8.10-r0, 0.8.11-r0, 0.8.4-r0

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 | AI score 5.8 | EPSS 0.00728
Exploits 0 | References 15

RedHat Linux
added 2026/06/08 3:14 a.m., 10 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 (Salted Challenge Response Authentication Mechanism, Secure Hash Algorithm 256) authentication with an excessively large iteration...

CVSS 7.5 | AI score 5.4 | EPSS 0.0077
Exploits 0 | References 6

Snyk
added 2026/06/08 3:14 a.m., 10 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect via the OAuth2Client function. An attacker can redirect users to arbitrary external sites by crafting a malicious link and tricking them into clicking it. Remediation: A fix was pushed into the master branch but not yet...

CVSS 5.3 | AI score 5.6 | EPSS 0.00303
Exploits 0 | References 2

RedhatCVE
added 2026/06/08 2:58 a.m., 10 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVSS 6.5 | AI score 6.2 | EPSS 0.0123
Exploits 0 | References 1

CVE
added 2026/06/08 1:45 a.m., 39 views

CVE-2026-11477

CVE-2026-11477 affects hs-web hsweb-framework up to 5.0.1, specifically the OAuth2Client in hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java. The issue enables an open redirect due to manipulation of this component, with remot...

CVSS 5.3 | AI score 5.1 | EPSS 0.00303
Exploits 0 | References 8

Cvelist
added 2026/06/08 1:45 a.m., 42 views

CVE-2026-11477 hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

CVSS 5.3 | EPSS 0.00303
Exploits 0 | References 8

ATTACKERKB
added 2026/06/08 1:45 a.m., 5 views

CVE-2026-11477

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

CVSS 5.3 | AI score 5.1 | EPSS 0.00303
Exploits 0 | References 8 | Affected Software 1

Vulnrichment
added 2026/06/08 1:45 a.m., 8 views

CVE-2026-11477 hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

CVSS 5.3 | AI score 5.1 | EPSS 0.00303
Exploits 0 | References 8