Lucene search
K

2402 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-43948

wger is a free, open-source workout and fitness manager. Prior to 2.6, the resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker...

9.9CVSS5.5AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.18 views

CVE-2026-9102

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

9.4CVSS6.5AI score0.00563EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:3 p.m.19 views

NocoDB: Plaintext Password Comparison in Shared Views

Summary The shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. Details The bcrypt branch hashes starting with $2a$/$2b$ was unaffected. The legacy fallback in View.t...

6.9CVSS5.5AI score0.00253EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2026/06/04 8:9 p.m.94 views

Exploit for Use After Free in Redis

redis-cve-2026-23479-check A safe, read-only version chec...

8.8CVSS6.6AI score0.01286EPSS
Exploits4
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.14 views

Exploring the Connection between Coding Habits and Cognitive Styles in Malware Developers

Malware research primarily studies the results, the methods, and the impact. Even from an offensive security perspective, what is examined is the method, not the development strategy of the offender. This study investigates the behavioral signatures and coding patterns embedded in the malware...

5.4AI score
Exploits0
Snyk
Snyk
added 2026/06/03 4:25 p.m.12 views

Incomplete Comparison with Missing Factors

Overview Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors in the hasvaryheader function. An attacker can gain access to cached responses intended for other users by sending requests with whitespace-padded Vary header values. Remediation Upgrade django...

5.9CVSS5.4AI score0.00354EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

RockyLinux 9 : gnutls (RLSA-2026:20612)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20612 advisory. gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an underflow with a DTLS datagram CVE-2026-33845 gnutls: Fix...

9.8CVSS6AI score0.01335EPSS
Exploits2References27
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.2 views

The vulnerability of the modular interface of the Ruby-based Rack web server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Ruby-based Rack web server’s modular interface is related to partial comparison. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS5.9AI score0.00387EPSS
Exploits0References7Affected Software4
OSV
OSV
added 2026/06/02 6:3 p.m.12 views

RLSA-2026:20612 Important: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an underflow with a DTLS datagram...

8.2CVSS6AI score0.01335EPSS
Exploits2References14
hivepro
hivepro
added 2026/06/02 10:6 a.m.16 views

Zafran vs Hive Pro: CTEM Platform Comparison

Persistent exposure backlogs do not shrink when teams chase every critical finding. Buyers need a CTEM platform that shows which risks demand action right now. Evaluate Uni5 Xposure for a threat-informed CTEM program. Zafran vs Hive Pro compares two CTEM platforms designed to focus security teams...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.9 views

Gate AI: LLM Security Benchmark Evaluation Methodology and Results

Published evaluations of prompt-injection and jailbreak detectors for Large Language Models often suffer from two systematic weaknesses: per-dataset threshold tuning and undisclosed operating points. We describe an evaluation harness that addresses both. The detector under evaluation is scored...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability stems from an authorization bypass in the iApp’s xApp isolation mechanism. The comparison function incorrectly compares xappid with itself...

7.5CVSS5.2AI score0.00454EPSS
Exploits1References3
Wired Threat Level
Wired Threat Level
added 2026/05/29 8:53 p.m.30 views

The White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US Citizens

The website, which compares human beings to extraterrestrials, touts arrest numbers from the Trump administration’s sweeping immigration crackdown. But some of its details are really out there...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/29 12:16 p.m.12 views

CVE-2026-33489

A flaw was found in CoreDNS. An unauthorized remote client can exploit a vulnerability in the transfer plugin's Access Control List ACL stanza selection. This occurs when both a parent zone and a more-specific subzone are configured, and the longestMatch function incorrectly uses a lexicographic...

8.2CVSS5.8AI score0.00388EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/28 9:23 p.m.12 views

EUVD-2026-33070

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/28 5:22 p.m.11 views

Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection

Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge both ship webhook request parsers used to authenticate and decode the event callbacks each provider POSTs to an application's webhook endpoint. Their doParseRequest $request, \SensitiveParameter string $secret methods receive...

5.7AI score0.00103EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2026/05/28 2:2 p.m.11 views

CLSA-2026-1779968889 Fix of 7 CVEs

SECURITY UPDATE: Authentication Bypass in digest authentication - debian/patches/CVE-2026-43512.patch: reject digest authentication attempts for unknown users in getDigest - CVE-2026-43512 SECURITY UPDATE: Account lockout bypass in LockOutRealm via case variation of user names -...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Hono 安全漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.21 contained security vulnerabilities. These vulnerabilities stemmed from the ip-restriction middleware using string equality comparisons when comparing IP addresses after some normalization,...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 2:47 p.m.10 views

CLSA-2026-1779893247 Fix of 5 CVEs

SECURITY UPDATE: add case sensitive attribute to LockOutRealm - debian/patches/CVE-2026-43513.patch: add case sensitive attribute to LockOutRealm - CVE-2026-43513 SECURITY UPDATE: fix the handling of invalid users with DIGEST authentication - debian/patches/CVE-2026-43512.patch: fix the handling ...

9.8CVSS6.7AI score0.01233EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.10 views

CVE-2026-8698

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

6AI score0.00187EPSS
Exploits0References4
Rows per page
Query Builder