Lucene search
K

33944 matches found

CVE
CVE
added 2026/05/07 3:47 a.m.27 views

CVE-2026-40004

Technical details about CVE-2026-40004 are not publicly provided in the supplied documents. No explicit affected products, versions, impact, or fixes are present here. Monitor for updates from vendors and security feeds for confirmation and remediation guidance.

7.8CVSS6.2AI score0.00137EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 12:6 a.m.15 views

Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

Impact Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...

6.3CVSS6AI score0.00179EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/07 12:6 a.m.9 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...

6.3CVSS5.9AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 12:6 a.m.12 views

GHSA-R4W4-WV68-QV85 Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

Impact Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...

6.3CVSS6AI score0.00179EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/07 12:6 a.m.7 views

be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +72 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-autoconfigure (>=3.0.0-M1 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-autoconfigure MAVEN version =3.0.0-M1, =0.4.0, =0.4.0, =3.2.1, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =4.0.0-rc.39, =4.0.0-rc.39, =4.0.0-rc.39, =5.0.2, =5.1.1 and more Source cves: CVE-2026-44308 Source advisory: SNYK:JAVA-IOAWSPRINGCLOUD-16799817...

6.3CVSS5.4AI score0.00179EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 12:6 a.m.5 views

be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=4.0.0-M1 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-sns MAVEN version =4.0.0-M1, =0.4.0, =0.4.0, =4.0.0, =4.0.0, =4.0.0, =2.1.0, =1.3.0, =7.0.0, =7.0.0, =7.3.1 Source cves: CVE-2026-44308 Source advisory: SNYK:JAVA-IOAWSPRINGCLOUD-16799818...

6.3CVSS5.4AI score0.00179EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 12:6 a.m.6 views

be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=4.0.0 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-sns MAVEN version =4.0.0, =0.4.0, =0.4.0, =4.0.0, =4.0.0, =4.0.0, =2.1.0, =1.3.0, =7.0.0, =7.0.0, =7.3.1 Source cves: CVE-2026-44308 Source advisory: OSV:GHSA-R4W4-WV68-QV85...

6.3CVSS5.8AI score0.00179EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 12:6 a.m.6 views

com.limemojito.oss.spring-boot:aws-utilities (>=11.0.0 <=12.0.7), com.limemojito.oss.standards:aws-utilities (>=13.0.0 <=14.1.0) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=3.0.0 <=3.4.2)

io.awspring.cloud:spring-cloud-aws-sns MAVEN version =3.0.0, =11.0.0, =13.0.0, =3.2.0, =3.0.0, =0.16.0, =1.1.0, =0.0.1, =2.1.0, =2.0.0, =7.0.0-beta Source cves: CVE-2026-44308 Source advisory: OSV:GHSA-R4W4-WV68-QV85...

6.3CVSS5.8AI score0.00179EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.14 views

PT-2026-38403

Impact Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...

6.3CVSS6AI score0.00179EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

ZTE Cloud PC client uSmartView 格式化字符串错误漏洞

The ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. The ZTE Cloud PC client uSmartView has a vulnerability related to formatted strings. This vulnerability may lead to memory corruption and remote denial of service attacks...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

n8n-MCP 代码问题漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. There are code vulnerabilities in versions 2.47.4 to 2.47.13 of n8n-MCP. These vulnerabilities stem from the fact that the SSRFRProtection.validateUrlSync URL verifier does not check IPv6...

8.5CVSS5.9AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

ZTE Cloud PC client uSmartView 代码问题漏洞

ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...

7.8CVSS6AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38346

Name of the Vulnerable Software and Affected Versions ZTE Cloud PC client uSmartView affected versions not specified Description ZTE Cloud PC client uSmartView is subject to a DLL hijacking issue. Because the uSmartViewServiceAgent.exe process runs with SYSTEM privileges, a successful attack allo...

7.8CVSS6AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38361

A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service...

4.7CVSS5.8AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38328

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

5.5CVSS6.2AI score0.00137EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Microsoft Azure Cloud Shell 命令注入漏洞

Microsoft Azure Cloud Shell is a browser-based cloud command-line environment developed by Microsoft Corporation. There is a command injection vulnerability in Microsoft Azure Cloud Shell, which stems from improper neutralization of special elements in commands. This vulnerability could allow...

9.6CVSS6AI score0.00933EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.20 views

PT-2026-38582

Name of the Vulnerable Software and Affected Versions Azure Cloud Shell affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to perform command injection, which can enable network-based spoofing attacks...

10CVSS5.8AI score0.00933EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

VMware Spring Cloud Config 日志信息泄露漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a vulnerability related to log information leakage...

4.4CVSS5.8AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

VMware Spring Cloud Config 路径遍历漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a path traversal vulnerability, which stems from t...

9.1CVSS5.8AI score0.00727EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

VMware Spring Cloud Config 安全漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product primarily provides server and client support for external configurations in distributed systems. There is a security vulnerability in VMware Spring Cloud Config, which...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References1
Rows per page
Query Builder