Lucene search
K

689 matches found

Wolfi
Wolfi
added 2026/04/17 8:0 p.m.13 views

CVE-2026-5878 vulnerabilities

Vulnerabilities for packages: chromium...

4.3CVSS5.7AI score0.00191EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 12:20 p.m.8 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a...

6.5CVSS5.9AI score0.00184EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 1:1 a.m.5 views

Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...

7.5CVSS5.7AI score0.00188EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32578

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

8.8CVSS5.8AI score0.00553EPSS
Exploits1References4
Circl
Circl
added 2026/04/13 6:1 p.m.3 views

CVE-2026-30804

creationtimestamp| type| source ---|---|--- 2026-04-13 18:01:43+00:00| seen| Telegram/mgx4OESgILIX0WlIlJJnUrKrutJBiy7rqG6NL0bWgANWmeU 2026-04-13 18:20:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjfi7bk2e52m...

8.6CVSS4.8AI score0.00432EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/09 3:4 p.m.98 views

cybersentinel-agent

CyberSentinel Agent Defensive cybersecurity agent framework w...

6.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/03 9:47 p.m.5 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34544 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34544 Source advisory: OSV:GHSA-H762-RHV3-H25V...

8.4CVSS5.7AI score0.00244EPSS
Exploits1
NVD
NVD
added 2026/03/31 10:16 p.m.3 views

CVE-2026-34406

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS0.00505EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 1:46 p.m.2 views

CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS5.7AI score0.00147EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 8:33 p.m.22 views

Home Assistant has stored XSS in Map-card through malicious device name

Summary An authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that entity. It requires that the victim hovers over an information point The lines or the dots...

8.8CVSS5.9AI score0.00241EPSS
Exploits1References3Affected Software1
Circl
Circl
added 2026/03/19 12:0 a.m.4 views

CVE-2026-23217

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

5.5CVSS5.7AI score0.0008EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/17 8:16 p.m.10 views

aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1094 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)

ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:PYSEC-2026-130...

8.7CVSS7.2AI score0.00929EPSS
Exploits1
NVD
NVD
added 2026/03/16 2:20 p.m.3 views

CVE-2026-4214

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9.8CVSS0.00791EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

编号撤回

“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...

5.8AI score0.0003EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/08 1:2 p.m.37 views

CVE-2026-3735 code-projects Simple Flight Ticket Booking System SearchResultOneway.php sql injection

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit h...

7.5CVSS0.00345EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/04 10:59 p.m.4 views

CVE-2026-27802

A flaw was found in Vaultwarden. A manager, an authorized user, can exploit this vulnerability by performing a bulk permission update to collections they are not authorized to access. This can lead to privilege escalation, allowing the manager to gain unauthorized access and control over these...

8.3CVSS5.8AI score0.00293EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.3 views

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.3 (7261761)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7261761 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expect...

9.8CVSS5.9AI score0.00173EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/24 8:10 p.m.9 views

@01.software/sdk (>=0.0.1-251008.90016 <=0.1.4), @adenta/cms (>=0.0.6 <=1.1.1-0) +32 more potentially affected by CVE-2026-27567 via payload (>=3.0.0-alpha.46 <=3.75.0-internal.8e0f8ba)

payload NPM version =3.0.0-alpha.46, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 - @remy90/payload-conditions-plugin =0.2.2 and more Source cves: CVE-2026-27567 Source advisory: SNYK:JS-PAYLOAD-15344407...

6.5CVSS5.8AI score0.00288EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/23 4:13 p.m.27 views

CVE-2026-22567 ZIA Admin UI Input Validation Bug

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...

7.6CVSS0.00196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 11:9 p.m.5 views

CVE-2018-2266

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

5.5AI score
Exploits0References1
Rows per page
Query Builder