Lucene search
K

1086992 matches found

Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48454

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges...

8.5CVSS6AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

Jenkins 代码问题漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have code vulnerabilities...

8.8CVSS5.6AI score0.14907EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48412

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS5.8AI score0.00215EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

National Security Agency Ghidra 代码问题漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Previous versions of National Security Agency Ghidra, such as version 12.1, had code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the RMI...

8.8CVSS6.2AI score0.0071EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

FrankenPHP 输入验证错误漏洞

FrankenPHP is an open-source PHP application server developed by phpnet. In versions 1.11.2 to 1.2.3 of FrankenPHP, there was a vulnerability related to input validation errors. This vulnerability stemmed from the incorrect use of the splitPos function in cgi.go when the request path contained...

8.1CVSS5.9AI score0.00568EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.10 views

Lenovo Smart Connect 安全漏洞

Lenovo Smart Connect is a cross-device collaboration platform developed by China’s Lenovo Corporation. There is a security vulnerability in Lenovo Smart Connect for Windows. This vulnerability stems from a potential authentication bypass, which may allow locally authenticated users to execute...

7.3CVSS5.9AI score0.00108EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.07 had a code injection vulnerability. This vulnerability stemmed from improper co...

8.8CVSS5.8AI score0.00657EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Splunk多款产品 代码问题漏洞

Splunk is a product of the American company Splunk. Splunk is a suite of data collection and analysis software. The Splunk Cloud Platform offers powerful services for data collection, processing, and analysis. Splunk Enterprise is also a suite of data collection and analysis software. Several...

8.8CVSS6AI score0.00575EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from HAProxy saving unvalidated and unescaped JSON field values direct...

9.9CVSS6AI score0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.11 views

Lenovo LanSchool Classic 代码问题漏洞

Lenovo LanSchool Classic is a classroom teaching management software developed by Lenovo Corporation. Lenovo LanSchool Classic has code vulnerabilities, which stem from potentially uncontrolled search paths. These vulnerabilities may allow locally authenticated users to execute arbitrary code wit...

8.5CVSS6AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Broadcom Layer7 API Gateway 代码问题漏洞

Broadcom Layer7 API Gateway is an enterprise-level API gateway platform provided by Broadcom Corporation. There are code-related vulnerabilities in the Broadcom Layer7 API Gateway. These vulnerabilities originate from the interaction between client applications and the API gateway server...

5.3CVSS6.2AI score0.00317EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/06/10 12:0 a.m.5 views

Critical: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...

9.8CVSS6AI score0.12797EPSS
Exploits8References14
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.7 views

EulerOS 2.0 SP13 : libtiff (EulerOS-SA-2026-2300)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

7.8CVSS5.8AI score0.00553EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48491

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.4 Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 9.4.12 Splunk Enterprise versions prior to 9.3.13 Splunk Cloud Platform versions prior to 10.3.2512.12 Splunk Cloud...

8.8CVSS5.9AI score0.00575EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

BoxLite 路径遍历漏洞

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of...

9.6CVSS6.4AI score0.00482EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.7 views

CVE-2026-41699: Unsafe Deserialization in Spring GraphQL

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can craft a malicious GraphQL request that can lead ...

8.1CVSS5.9AI score0.0043EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

TrueConf Windows Client < 8.5.3.884 Download of Code Without Integrity Check Vulnerability (CVE-2026-3502)

The version of TrueConf Windows Client installed on the remote host is prior to 8.5.3.884. It is, therefore, affected by a vulnerability: — A remote code execution vulnerability exists in the TrueConf Client update mechanism due to lack of cryptographic verification of update packages. An...

7.8CVSS7.2AI score0.0575EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.6 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0601)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0601 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12,...

8.8CVSS6AI score0.00575EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-7383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact...

8.1CVSS6.7AI score0.00358EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

Debian dsa-6332 : libokular5core10 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6332 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6332-1 [email protected] https://www.debian.org/security/...

6AI score
Exploits0References3
Rows per page
Query Builder