Lucene search
+L

3962 matches found

Vulnrichment
Vulnrichment
added 2026/04/03 8:10 p.m.2 views

CVE-2026-35562 Allocation of resources without limits in parsing components in Amazon Athena ODBC driver

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:10 p.m.2 views

CVE-2026-35561

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...

9.1CVSS5.9AI score0.00473EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/03 9:30 a.m.5 views

EUVD-2025-209201

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...

8.6CVSS6.3AI score0.00135EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/03 7:30 a.m.3 views

CVE-2025-7024 Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...

8.6CVSS6.3AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 7:30 a.m.25 views

CVE-2025-7024 Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...

8.6CVSS0.00135EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 7:30 a.m.7 views

CVE-2025-7024

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...

8.6CVSS6.3AI score0.00135EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/03 7:30 a.m.11 views

CVE-2025-7024

CVE-2025-7024 affects AIRBUS PSS TETRA Connectivity Server on Windows Server. The issue is an Incorrect Default Permissions vulnerability in the TETRA Connectivity Server, enabling a local attacker to place a crafted file in a vulnerable directory to execute arbitrary code with SYSTEM privileges ...

8.6CVSS6.3AI score0.00135EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.12 views

Airbus AIRBUS PSS TETRA Connectivity Server 安全漏洞

Airbus AIRBUS PSS TETRA Connectivity Server is a communication software developed by Airbus. Version 7.0 of Airbus AIRBUS PSS TETRA Connectivity Server contains a security vulnerability. This vulnerability stems from improper default permission settings, which may lead to unauthorized access and...

8.6CVSS6.1AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-29994

Name of the Vulnerable Software and Affected Versions AIRBUS PSS TETRA Connectivity Server version 7.0 Description A flaw exists in AIRBUS PSS TETRA Connectivity Server on Windows Server OS that could allow an attacker to execute arbitrary code with SYSTEM privileges if a user is tricked into...

8.6CVSS6.2AI score0.00135EPSS
Exploits0References5
Qualys Blog
Qualys Blog
added 2026/03/30 3:0 p.m.8 views

Optimizing Risk Discovery and Remediation with Qualys Gateway Service (QGS)

Unpatched vulnerabilities remain one of the largest drivers of cyber risk, accounting for nearly 60% of cyber compromises. Modern security programs are therefore measured not only by how quickly they discover risk, but also by how efficiently they remediate it. As organizations scale vulnerabilit...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/03/25 1:39 a.m.9 views

[SECURITY] Fedora 43 Update: containernetworking-plugins-1.9.1-1.fc43

Reference and example networking plugins, maintained by the CNI team. The CNI Container Network Interface project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only...

7.5CVSS7AI score0.00523EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/24 9:31 a.m.4 views

CVE-2026-32942

A flaw was found in PJSIP, a multimedia communication library. A remote attacker could exploit a heap use-after-free vulnerability in the Interactive Connectivity Establishment ICE session. This occurs due to race conditions between session destruction and callbacks, potentially allowing for...

9.3CVSS6.5AI score0.00319EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 8:25 a.m.13 views

CVE-2026-3550

CVE-2026-3550 – RockPress (WordPress) vulnerability : RockPress

5.3CVSS5.8AI score0.00402EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2026/03/20 8:25 a.m.6 views

CVE-2026-3550 RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions

The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpressimport, rockpressimportstatus, rockpresslastimport, rockpressresetimport, and rockpresscheckservices...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References16
EUVD
EUVD
added 2026/03/20 3:43 a.m.4 views

EUVD-2026-13520

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

9.3CVSS5.7AI score0.00319EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:27 a.m.3 views

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

7.7CVSS5.8AI score0.00447EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.8 views

PT-2026-26591

The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpress import, rockpress import status, rockpress last import, rockpress reset import, and rockpress check...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References18
Vulnrichment
Vulnrichment
added 2026/03/11 4:31 p.m.7 views

CVE-2026-20074 Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the Intermediate System-to-Intermediate System IS-IS multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingre...

7.4CVSS5.8AI score0.0016EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/03/06 8:6 p.m.8 views

The Future of Iran’s Internet Is More Uncertain Than Ever

Iran’s internet shutdown has reduced connectivity by 99 percent, with air strikes likely causing additional outages, and few workarounds remaining...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.5 views

Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3166 (ALAS-2026-3166)

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3166 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a...

9.8CVSS6AI score0.00756EPSS
Exploits6References14
Rows per page
Query Builder