Lucene search
K

52655 matches found

OSV
OSV
added 2026/06/08 1:29 p.m.3 views

CLEANSTART-2026-US10263 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-35206, ghsa-f6x5-jh6r-wrfv, ghsa-hr2v-4r36-88hr, ghsa-j5w8-q4qc-rx2x, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 0.8.10-r0, 0.8.11-r0, 0.8.4-r0

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2026/06/08 3:14 a.m.10 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.4AI score0.0077EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/08 3:14 a.m.10 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the OAuth2Client function. An attacker can redirect users to arbitrary external sites by crafting a malicious link and tricking them into clicking it. Remediation A fix was pushed into the master branch but not yet...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/08 2:58 a.m.10 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS6.2AI score0.0123EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 1:45 a.m.39 views

CVE-2026-11477

The CVE-2026-11477 affects hs-web hsweb-framework up to 5.0.1, specifically the OAuth2Client in hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java. The issue enables an open redirect due to manipulation of this component, with remot...

5.3CVSS5.1AI score0.00303EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/08 1:45 a.m.42 views

CVE-2026-11477 hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

5.3CVSS0.00303EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:45 a.m.5 views

CVE-2026-11477

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

5.3CVSS5.1AI score0.00303EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 1:45 a.m.8 views

CVE-2026-11477 hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

5.3CVSS5.1AI score0.00303EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 1:45 a.m.13 views

EUVD-2026-35008

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

5.3CVSS5.1AI score0.00303EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/08 1:44 a.m.19 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS7AI score0.00237EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Headplane 路径遍历漏洞

Headplane is a web management interface for Headscale, developed by Aarnav Tale. Versions of Headplane prior to 0.6.3 and 0.7.0-beta.3 contained a path traversal vulnerability. This vulnerability stemmed from path traversal and authorization bypass issues in the Headscale API client during node a...

8.1CVSS5.3AI score0.00374EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

TencentOS Server 4: storm (TSSA-2026:0414)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0414 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS5.5AI score0.00286EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.7 views

TencentOS Server 4: nginx (TSSA-2025:0724)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0724 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.3CVSS5.7AI score0.02557EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47450

Name of the Vulnerable Software and Affected Versions WACRM versions prior to commit 73041bf Description An authorization bypass exists in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants. By providing an arbitrary contact id in th...

7.1CVSS5.6AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47447

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS5.4AI score0.00374EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Gun 安全漏洞

Gun is an open-source Erlang HTTP client developed by Nine Nines, supporting HTTP/1.1, HTTP/2, and WebSocket. Versions of Gun from 1.0.0 to 2.4.0 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled resource consumption in the gunhttp module, which could allow...

8.7CVSS5.3AI score0.00381EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

req 安全漏洞

“req” is a simple Go HTTP client developed by a Roc individual using Black Magic. Versions of “req” from 0.1.0 to 0.6.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of highly compressed data, which could allow an attacker-controlled HTTP server to exhau...

8.2CVSS5.4AI score0.00438EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

Gun 安全漏洞

Gun is an open-source Erlang HTTP client developed by Nine Nines that supports HTTP/1.1, HTTP/2, and WebSocket. Versions of Gun from 2.0.0 to 2.4.0 contained security vulnerabilities. These vulnerabilities stemmed from unexpected status codes or return values in the gunhttp module, which could...

8.7CVSS5.3AI score0.00381EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.24 views

PT-2026-47339

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw in the Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, which can lead to a denia...

6.5CVSS5.4AI score0.00244EPSS
Exploits0References5
Amazon
Amazon
added 2026/06/08 12:0 a.m.14 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update CVE-2026-23171 In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refaul...

8.8CVSS5.5AI score0.00307EPSS
Exploits1
Rows per page
Query Builder