Lucene search
+L

817 matches found

cve
cve
added yesterday6 views

CVE-2026-38974

CVE-2026-38974 affects Dulwich up to version 1.1.0. The issue is in the SSH-related code path at contrib/paramiko_vendor.py, where SSH host key verification is missing. This absence can allow an attacker to perform a man-in-the-middle potentially compromising authenticity checks during SSH sessio...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added yesterday5 views

PT-2026-60333

Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.1.0 Description Dulwich fails to perform SSH host key verification within the contrib/paramiko vendor.py file. This lack of verification allows for potential man-in-the-middle attacks during SSH connections...

6.1AI score
Exploits0References4
cvelist
cvelist
added 6 days ago32 views

CVE-2026-11915 Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

0.00192EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago33 views

CVE-2026-15087 Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

0.00392EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

0.00414EPSS
Exploits0References1
cve
cve
added 6 days ago10 views

CVE-2026-15089

The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...

9.1CVSS6.1AI score0.00508EPSS
Exploits0References1
osv
osv
added 6 days ago3 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS6.1AI score0.0009EPSS
Exploits0References5
cve
cve
added 6 days ago16 views

CVE-2026-10770

The CVE-2026-10770 entry corresponds to a Reflected XSS in Drupal Anti-Spam by CleanTalk, affecting versions 0.0.0 through 9.7.1. The root cause is improper neutralization of input in the module’s HTML output, where CleanTalk API response content is echoed directly via _cleantalk_die() and ct_die...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1
redhat
redhat
added 2026/06/25 5:48 a.m.7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: opentelemetry-collector-contrib: opentelemetry-collector-contrib-0.155.0-0.1.hum1 aarch64, x8664 opentelemetry-collector-contrib-0.155.0-0.1.hum1.src src...

8.1CVSS5.8AI score0.00761EPSS
Exploits0References5
drupal
drupal
added 2026/06/24 12:0 a.m.11 views

Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062

Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules. One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability. This vulnerability is mitigated by the...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References2
osv
osv
added 2026/06/19 4:51 p.m.3 views

OPENSUSE-SU-2026:21102-1 Security update for postgresql14

This update for postgresql14 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

8.8CVSS6.9AI score0.00668EPSS
Exploits0References17
osv
osv
added 2026/06/18 3:5 p.m.8 views

GHSA-W5CV-PW74-4RXC opentelemetry-collector-contrib: githubreceiver silently ignores configured required_headers authentication

githubreceiver Silently Ignores Configured requiredheaders Authentication Summary The githubreceiver webhook handler does not enforce the requiredheaders configuration. Headers are validated at startup config rejects empty keys/values but never checked on incoming requests. This follows the same...

6.9CVSS5.5AI score
Exploits0References2
redhat
redhat
added 2026/06/12 12:27 p.m.6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: opentelemetry-collector-contrib: opentelemetry-collector-contrib-0.153.0-1.hum1 aarch64, x8664 opentelemetry-collector-contrib-0.153.0-1.hum1.src src...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References3
osv
osv
added 2026/06/10 5:10 p.m.9 views

DRUPAL-CONTRIB-2026-047

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS5.5AI score0.00192EPSS
Exploits0References1
drupal
drupal
added 2026/06/10 12:0 a.m.9 views

Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

9.8CVSS5.2AI score0.0032EPSS
Exploits0References2
osv
osv
added 2026/06/08 2:1 p.m.10 views

CLEANSTART-2026-MC76610 Security fixes for CVE-2026-27145, CVE-2026-33816, CVE-2026-34986, CVE-2026-39821, CVE-2026-39824, CVE-2026-39883, CVE-2026-41602, CVE-2026-42504, CVE-2026-42507, CVE-2026-46595, ghsa-6g7g-w4f8-9c9x, ghsa-p77j-4mvh-x3m3, ghsa-xmrv-pmrh-hhx2 applied in versions: 0.144.0-r3, 0.144.0-r4, 0.150.0-r0, 0.150.0-r1

Multiple security vulnerabilities affect the opentelemetry-collector-contrib package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.2AI score0.01163EPSS
Exploits1References24
suse
suse
added 2026/05/29 3:30 p.m.15 views

Security update for postgresql14

This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References36
suse
suse
added 2026/05/27 7:56 a.m.15 views

Security update for postgresql14

This update for postgresql14 fixes the following issues Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against malicious time zone names...

8.8CVSS6AI score0.00668EPSS
Exploits0References36
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.11 views

OpenTelemetry Collector Contrib 信任管理问题漏洞

OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
suse
suse
added 2026/05/19 8:20 a.m.22 views

Security update for postgresql15

This update for postgresql15 fixes the following issues Update to version 15.18. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References36
Rows per page
Query Builder