Lucene search
K

1754 matches found

CVE
CVE
added 2026/05/20 10:54 p.m.22 views

CVE-2026-47782

Technical details about CVE-2026-47782 are not publicly provided in the supplied documents; monitor for updates.

4.6CVSS5.8AI score0.00132EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 10:54 p.m.32 views

CVE-2026-47782

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

4.6CVSS0.00132EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/20 7:57 a.m.11 views

CVE-2026-45035

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

9.4CVSS5.9AI score0.0038EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-42271

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

4.6CVSS5.8AI score0.00132EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/19 6:37 p.m.12 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 1:38 p.m.12 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/18 9:45 a.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the invite confirmation process due to insufficient validation of the RefreshedToken. An attacker can bypass intended token rotation and reuse an original invite token by sending a crafted invite confirmation...

6.3CVSS5.8AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/05/18 8:16 a.m.13 views

CVE-2026-4273

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

4.3CVSS0.00142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 6:56 a.m.14 views

CVE-2026-4273 Insufficient token rotation validation in remote cluster invite confirmation

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

3.7CVSS5.8AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:56 a.m.10 views

CVE-2026-4273

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

3.7CVSS5.8AI score0.00142EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.12 views

PT-2026-41643

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Description Insufficient token rotation validation occurs during remote cluster invite confirmation. An authenticated attacker can bypass token rotation and...

4.3CVSS5.9AI score0.00142EPSS
Exploits0References9
NVD
NVD
added 2026/05/15 5:16 p.m.53 views

CVE-2026-45035

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

9.4CVSS0.0038EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 4:47 p.m.12 views

CVE-2026-45036 Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

7CVSS6.2AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 4:41 p.m.78 views

CVE-2026-45035 Tabby: RCE via `tabby://run` URL Scheme

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

9.4CVSS0.0038EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 4:41 p.m.7 views

CVE-2026-45035 Tabby: RCE via `tabby://run` URL Scheme

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

9.4CVSS5.9AI score0.0038EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:41 p.m.14 views

CVE-2026-45035

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

9.4CVSS5.9AI score0.0038EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41320

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

9.4CVSS5.9AI score0.0038EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/11 8:36 p.m.13 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Claude Code 输入验证错误漏洞

Claude Code is a native AI programming tool developed by Anthropic. In versions 2.1.63 to 2.1.83 of Claude Code, there is a vulnerability related to input validation errors. This vulnerability arises from the lack of validation for the content of the git worktree commondir file in the folder trus...

8.8CVSS5.9AI score0.00281EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2026/05/05 12:0 a.m.16 views

openssh security update

8.7p1-49.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-49 - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in...

8.1CVSS6AI score0.00419EPSS
Exploits0
Rows per page
Query Builder