Lucene search
K

544 matches found

Nuclei
Nuclei
added 5 hours ago32 views

Apache NiFi - Information Disclosure

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

5.4CVSS6.2AI score0.03095EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.11 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6AI score0.00256EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/26 12:44 p.m.10 views

CVE-2026-53085

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This use-after-free vulnerability occurs when the taskvma iterator reads task memory without properly acquiring a reference, allowing the memory structure to be freed concurrently while still in use. This can lead to...

7.8CVSS5.7AI score0.00113EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 8:59 p.m.28 views

CVE-2026-41862

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

8.8CVSS0.00423EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 8:59 p.m.8 views

EUVD-2026-38596

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51593

Name of the Vulnerable Software and Affected Versions Spring Statemachine versions 4.0.0 through 4.0.1 Spring Statemachine versions 3.2.0 through 3.2.4 Description Kryo-based persistence backends, including JPA, MongoDB, Redis, and ZooKeeper, deserialize persisted state-machine contexts without...

8.8CVSS6.4AI score0.00423EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.13 views

CVE-2026-41852

A flaw was found in Spring Framework. A vulnerability in the Spring Expression Language SpEL evaluation logic allows an attacker to invoke arbitrary zero-argument methods, even in restricted contexts. This can lead to the execution of unintended application logic, potentially resulting in a Denia...

5.3CVSS6AI score0.00164EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/11 12:0 a.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/11 12:0 a.m.19 views

cve-2026-41862 - HIGH - Kryo deserialization of persisted context without class allowlist

cve-2026-41862 - HIGH - Kryo deserialization of persisted context without class allowlist...

8.8CVSS6.1AI score0.00423EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/09 5:16 a.m.18 views

CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

5.3CVSS0.00164EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.10 views

UBUNTU-CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

5.3CVSS5.6AI score0.00164EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 3:51 a.m.48 views

CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

3.7CVSS0.00164EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 3:51 a.m.44 views

CVE-2026-41852

The CVE affects Spring Framework via SpEL evaluation allowing arbitrary zero-argument method invocation in restricted/read-only contexts across multiple versions (7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5.3.0–5.3.48). Root cause is the SpEL evaluation logic, enabling invocation of unintended app...

5.3CVSS5.6AI score0.00164EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.12 views

CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

3.7CVSS5.6AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.16 views

EUVD-2026-35340

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

3.7CVSS5.6AI score0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47663

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description A flaw in the Spring Expression Language SpE...

5.3CVSS5.4AI score0.00164EPSS
Exploits0References9
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/08 12:0 a.m.9 views

Security update for epiphany (important)

openSUSE Security Update: Security update for epiphany Announcement ID: openSUSE-SU-2026:0193-1 Rating: important References: 1208472 Cross-References: CVE-2023-26081 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...

7.5CVSS6.9AI score0.01228EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/02 10:15 p.m.9 views

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorizedkeys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

8.1CVSS5.9AI score0.00176EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.18 views

WebADM Security Auditor and Content Exposure Scanner

This Python script is a defensive security auditing tool designed to analyze a target web application for potential information exposure and security misconfigurations, specifically focusing on environments resembling WebADM. This was tested on version 2.4.17-1...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-45913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: bridge: mcast: always update mdbnentries for vlan contexts syzbot triggered a warning1 about the number of mdb entries in a context. It turned out that the...

5.5CVSS6.2AI score0.00155EPSS
Exploits0References3
Rows per page
Query Builder