Lucene search
+L

29840 matches found

nvd
nvd
added yesterday6 views

CVE-2026-50148

Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add or edit a database connection can achieve remote code execution on the Metabase server by...

10CVSS0.00338EPSS
Exploits0References1
redhat
redhat
added yesterday2 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS6.1AI score0.00353EPSS
Exploits0References5
redhat
redhat
added yesterday3 views

kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackhelper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...

7.8CVSS6AI score0.00131EPSS
Exploits0References5
euvd
euvd
added yesterday4 views

EUVD-2026-44702

Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters t...

7.6CVSS6.2AI score0.00037EPSS
Exploits0References1
cvelist
cvelist
added yesterday21 views

CVE-2026-50147 Metabase: Arbitrary File Read via MySQL Connection Property Injection

Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters t...

7.6CVSS0.00037EPSS
Exploits0References1
cve
cve
added yesterday6 views

CVE-2026-50147

Summary : Metabase contains an arbitrary file-read vulnerability in multiple affected releases. From 1.57.0 through 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files on the Metabase host by injecting unsafe JDBC parame...

7.6CVSS6.2AI score0.00037EPSS
Exploits0References1
redhat
redhat
added yesterday3 views

undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

8.8CVSS6.6AI score0.00358EPSS
Exploits0References6
cisa_kev
cisa_kev
added yesterday6 views

KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability

KNX Association KNX Protocol Connection Authorization Option 1 contains an overly restrictive account lockout mechanism vulnerability that could allow an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device...

7.5CVSS6.1AI score0.00483EPSS
In wildExploits0
redhat
redhat
added 2 days ago5 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.3AI score0.003EPSS
Exploits0References5
redhat
redhat
added 2 days ago5 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS6.1AI score0.00353EPSS
Exploits0References5
cvelist
cvelist
added 2 days ago28 views

CVE-2026-52840 Easy!Appointments has server-side request forgery in CalDAV connection test that exposes the deployment's internal network

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Caldav::connecttoserver at application/controllers/Caldav.php:60 hands the request's caldavurl to a Guzzle REPORT call without scheme or host validation. A logged-in backend user admin, provider, or secretary...

2.7CVSS0.00186EPSS
Exploits0References2
cve
cve
added 2 days ago11 views

CVE-2026-12707

CVE-2026-12707 affects Cloudflare quiche. After QUIC handshakes, an attacker can trigger unbounded queuing of PathEvent::ReusedSourceConnectionId during rapid source address migration, causing memory resource exhaustion. Affected component is quiche’s PathEvents collection (path_event_next() drai...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
nvd
nvd
added 2 days ago6 views

CVE-2026-15736

Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...

8.3CVSS0.00267EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-9653

The vulnerability CVE-2026-9653 affects Rockwell Automation 1756-EN2, EN3, and ENBT communication modules. It stems from improper validation of CIP Implicit Connection packets, enabling network-remote denial-of-service when an attacker sends crafted packets; device connections recover immediately...

8.7CVSS6.1AI score0.00178EPSS
Exploits0References1
cve
cve
added 2 days ago8 views

CVE-2026-15736

Snowflake SQLAlchemy

8.3CVSS6.1AI score0.00267EPSS
Exploits0References1
cve
cve
added 2 days ago9 views

CVE-2026-10051

CVE-2026-10051 concerns Eclipse Jetty: the first HTTP/1.1 request with trailers is retained on the same connection, making subsequent requests either report the first request’s trailers or their union with the current request. This implies a potential confidentiality impact on trailer data (per C...

7.5CVSS6.1AI score0.00253EPSS
Exploits1References1Affected Software1
osv
osv
added 2 days ago2 views

CVE-2026-10051

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

6.9CVSS6.1AI score0.00253EPSS
Exploits1References4
euvd
euvd
added 2 days ago6 views

EUVD-2026-43645

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

7.5CVSS6.1AI score0.00253EPSS
Exploits1References1
redhatcve
redhatcve
added 2 days ago7 views

CVE-2026-51537

A flaw was found in OpENer. An out-of-bounds read vulnerability exists in the Connection Manager when processing malformed ForwardOpen requests. A remote attacker can send a specially crafted Ethernet/IP ENIP frame with an insufficient Common Industrial Protocol CIP ForwardOpen/LargeForwardOpen...

9.1CVSS6.1AI score0.00434EPSS
Exploits0References5
euvd
euvd
added 2 days ago4 views

EUVD-2026-43603

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

9.1CVSS6.1AI score0.00434EPSS
Exploits0References3
Rows per page
Query Builder