Lucene search
K

33947 matches found

GithubExploit
GithubExploit
added 2026/05/05 2:42 p.m.75 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

No d...

9.8CVSS7.3AI score0.99939EPSS
Exploits36
The Hacker News
The Hacker News
added 2026/05/05 2:19 p.m.11 views

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat APT group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302 ,...

6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/05 2:15 p.m.6 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.1AI score0.00516EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 2:15 p.m.24 views

CVE-2026-7412

CVE-2026-7412 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The Operation Delegation feature fails to validate the destination URI of delegated requests, enabling an unauthenticated remote attacker to coerce the BaSyx server into performing blind HTTP POSTs to arbitr...

8.6CVSS6.1AI score0.00516EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:18 a.m.10 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Handlebars

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Handlebars. CVE-2026-33937, CVE-2026-33938, CVE-2026-33939, CVE-2026-33940, CVE-2026-33941 The vulnerabilities have been addressed. Vulnerability Details...

9.8CVSS6.2AI score0.01739EPSS
Exploits6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37258

Name of the Vulnerable Software and Affected Versions MagicMirror² versions prior to 2.36.0 Description An unauthenticated Server-Side Request Forgery SSRF exists in the '/cors' endpoint, which acts as an open HTTP proxy without authentication or URL validation. This allows remote attackers to...

9.2CVSS6AI score0.01623EPSS
Exploits1References5
OSV
OSV
added 2026/05/05 12:0 a.m.6 views

OPENSUSE-SU-2026:10688-1 cf-cli-8.18.3+git.0.83ce51d9c-1.1 on GA media

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2026/05/04 11:37 p.m.8 views

axios: Axios: Remote Code Execution via Prototype Pollution escalation

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific "Gadget" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote...

9CVSS6.6AI score0.01815EPSS
Exploits5References8
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.4 views

CVE-2026-7678

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/04 8:12 p.m.9 views

Argo vulnerable to exposure of artifact repository credentials

Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

8.5CVSS7.3AI score0.00357EPSS
Exploits1References7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 6:40 p.m.10 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 2 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2025-68121 DESCRIPTION: During session resumption in crypto/tls, if the...

10CVSS6.8AI score0.00765EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.10 views

Apache Polaris has an Improper Input Validation issue

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/04 6:26 p.m.9 views

Improper Encoding or Escaping of Output

Overview org.apache.polaris:polaris-core is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this package are...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 5:16 p.m.21 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS0.00431EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 4:53 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the imgPostURLInfo function. An attacker can cause the server to initiate outbound HTTP HEAD requests to arbitrary endpoints by supplying a crafted URL during the image import preflight stage. This c...

5.3CVSS5.9AI score0.00271EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 4:53 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the imgPostURLInfo function. An attacker can cause the server to initiate outbound HTTP HEAD requests to arbitrary endpoints by supplying a crafted URL during the image import preflight stage. This c...

5.3CVSS5.9AI score0.00271EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/04 4:48 p.m.8 views

CVE-2026-42810 Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:37 p.m.6 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 4:37 p.m.8 views

CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References1
Rows per page
Query Builder