Lucene search
+L

1931 matches found

OSV
OSV
added 2026/04/01 12:0 a.m.16 views

ALSA-2026:6388 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/30 7:41 p.m.34 views

CVE-2026-28505 Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the streval function in notificationhandler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.conames of the...

7.5CVSS0.00476EPSS
Exploits1References2
AlmaLinux
AlmaLinux
added 2026/03/24 12:0 a.m.13 views

Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

6.8CVSS5.8AI score0.00162EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 6:30 a.m.7 views

EUVD-2026-13045

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 5:24 a.m.51 views

CVE-2026-27540

CVE-2026-27540 is an unauthenticated arbitrary file upload vulnerability in the WordPress WooCommerce Wholesale Lead Capture plugin (

9CVSS5.7AI score0.0047EPSS
In wildExploits2References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 5:22 a.m.3 views

CVE-2026-27542

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/17 12:46 p.m.5 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access to user sessions by capturing valid session tokens through co-hosted applications operating under t...

9.3CVSS5.8AI score0.00677EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/17 10:15 a.m.33 views

CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

0.00677EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 10:15 a.m.2 views

CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

5.8AI score0.00677EPSS
Exploits0References2
CVE
CVE
added 2026/03/17 10:15 a.m.25 views

CVE-2026-28779

Apache Airflow 3.1.0–3.1.7 exposes a session-token cookie path (/), ignoring configured webserver/api base_url. This enables co-hosted applications on the same domain to capture tokens and take over sessions without exploiting Airflow itself. Public descriptions consistently recommend upgrading t...

7.5CVSS5.8AI score0.00677EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/17 10:15 a.m.7 views

CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

7.5CVSS7AI score0.00677EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.5 views

PT-2026-25887

Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver base url or api base url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

7.5CVSS5.7AI score0.00677EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.6 views

RHEL 8 : grafana-pcp (RHSA-2026:3815)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3815 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

7.5CVSS7.2AI score0.01945EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/03/05 6:11 a.m.11 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7.5CVSS6.7AI score0.01945EPSS
Exploits2References3
OSV
OSV
added 2026/02/26 8:43 p.m.6 views

RLSA-2026:3187 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url...

7.5CVSS5.6AI score0.01945EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.6 views

RHEL 8 : grafana-pcp (RHSA-2026:3187)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3187 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

10CVSS5.8AI score0.01945EPSS
Exploits1References6
OSV
OSV
added 2026/02/24 12:0 a.m.9 views

ALSA-2026:3187 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url...

10CVSS5.6AI score0.01945EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/02/23 2:14 a.m.16 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

10CVSS6.7AI score0.01945EPSS
Exploits3References4
OSV
OSV
added 2026/02/23 12:0 a.m.8 views

ALSA-2026:3040 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

10CVSS7.2AI score0.01945EPSS
Exploits3References8
OSV
OSV
added 2026/02/23 12:0 a.m.8 views

ALSA-2026:3035 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

10CVSS5.9AI score0.01945EPSS
Exploits3References8
Rows per page
Query Builder