Lucene search
+L

4780 matches found

euvd
euvd
added 2 hours ago3 views

EUVD-2026-44895

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS6.1AI score
Exploits0References2
euvd
euvd
added 2 hours ago3 views

EUVD-2026-44869

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by...

9.2CVSS6.2AI score
Exploits0References2
cve
cve
added 3 hours ago11 views

CVE-2026-6423

CVE-2026-6423 concerns a local privilege escalation in the ESET Inspect Connector caused by improper authentication on an ALPC IPC channel. The CVSS 4.0 vector (AV:L/AC:L/PR:L/UI:N/ATT:N/VC:H/VI:H/SA:N/SI:N/VA:H) yields a base score of 8.5 (HIGH). Reported impact indicates elevated confidentialit...

8.5CVSS6.1AI score
Exploits0References1
cve
cve
added 6 hours ago11 views

CVE-2026-15925

The CVE-2026-15925 entry describes an Improper TLS hostname verification vulnerability in Snowflake Connector for Python and affects versions prior to 4.7.1. An on-path attacker who can intercept traffic could bypass hostname validation during HTTPS connections by presenting a certificate from an...

9.2CVSS6.2AI score
Exploits0References2
cvelist
cvelist
added 6 hours ago8 views

CVE-2026-15925 Improper TLS Hostname Verification in Snowflake Connector for Python

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this b...

9.2CVSS
Exploits0References2
euvd
euvd
added yesterday5 views

EUVD-2026-44716

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS6.2AI score
Exploits0References1
nuclei
nuclei
added yesterday78 views

iTop Hub Connector - Information Disclosure

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. id: CVE-2024-32870 info: name: iTop Hub...

5.8CVSS6.9AI score0.00731EPSS
Exploits0References3
nvd
nvd
added 2 days ago5 views

CVE-2026-15183

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS0.00208EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago26 views

CVE-2026-15183 Input Validation Vulnerabilities in Snowflake Spark Connector

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS0.00208EPSS
Exploits0References1
euvd
euvd
added 2 days ago7 views

EUVD-2026-43644

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS6.3AI score0.00208EPSS
Exploits0References1
cve
cve
added 2 days ago7 views

CVE-2026-15183

The CVE concerns the Snowflake Spark Connector (spark-snowflake) prior to version 3.2.1, where multiple input-validation issues enable attackers to exfiltrate OAuth client credentials, run arbitrary SQL under the connector’s Snowflake role, or redirect COPY operations to attacker-controlled stora...

9.2CVSS6.3AI score0.00208EPSS
Exploits0References1
nuclei
nuclei
added 2 days ago569 views

elFinder <= 2.1.47 - Command Injection

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. The vulnerability occurs when performing image operations on JPEG files, where the filename is passed to the exiftran utility without proper sanitization, allowing command injection. id: CVE-2019-9194 info: name:...

9.8CVSS7AI score0.96633EPSS
Exploits11References5
redhat
redhat
added last week3 views

apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection

A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...

8.1CVSS6.4AI score0.0083EPSS
Exploits0References6
cve
cve
added last week14 views

CVE-2026-59207

The CVE covers n8n (open source workflow automation) where, prior to versions 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool targeted an arbitrary URL. This allowed a member-level user with use-only ...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References3Affected Software1
osv
osv
added last week7 views

CVE-2026-59207 n8n: "Allowed HTTP Request Domains" Restriction Bypass via AI Agents MCP Connector

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.2AI score0.00263EPSS
Exploits0References5
redhat
redhat
added 2026/07/08 4:38 p.m.4 views

tomcat: Client certificate verification bypass due to virtual host mapping

A certificate validation flaw has been found in Apache Tomcat. omcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one ...

9.1CVSS6.9AI score0.00235EPSS
Exploits0References5
nuclei
nuclei
added 2026/07/07 4:50 p.m.65 views

Atlassian Confluence Server - Path Traversal

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...

10CVSS8AI score0.99913EPSS
Exploits20References5
ossf
ossf
added 2026/07/07 6:25 a.m.8 views

Malicious code in zluri-ad-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...

6AI score
Exploits0References1
osv
osv
added 2026/07/07 6:25 a.m.6 views

MAL-2026-6910 Malicious code in zluri-ad-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...

6.1AI score
Exploits0References1
osv
osv
added 2026/07/06 4:18 p.m.6 views

BIT-TOMCAT-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23,...

9.1CVSS6AI score0.00368EPSS
Exploits0References3
Rows per page
Query Builder