Lucene search
K

196 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in RHDS 11 and RHDS 12. While browsing entries using LDAP, the system attempts to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where cockpit-389-ds is...

5.5CVSS6AI score0.00188EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/27 10:1 a.m.20 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00237EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017656 advisory. A flaw was found in samba. The Samba smbd file server must map Windows group identities SIDs into unix group ids gids. The code that performs this had a flaw that...

6.8CVSS6.8AI score0.01616EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 1:47 p.m.56 views

CVE-2025-31959 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 2:16 p.m.10 views

CVE-2026-6500

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5...

4.8CVSS5.8AI score0.00096EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/21 8:0 p.m.5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the cryptographic algorithm implementation. An attacker can compromise the confidentiality of sensitive information by exploiting weak or insufficient cryptographic algorithms...

2.9CVSS7.2AI score0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 8:59 a.m.1 views

CVE-2026-33616 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.6 views

PT-2026-7956

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...

7.7CVSS5.5AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 7:15 p.m.7 views

CVE-2025-29946

Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory...

4.5CVSS5.5AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:5 p.m.13 views

CVE-2026-0620

The CVE-2026-0620 entry concerns the TP-Link Archer AXE75 V1 when configured as an L2TP/IPSec VPN server. Affected component: L2TP/IPSec VPN server handling; root cause: L2TP connections may be accepted without IPSec protection even if IPSec is enabled, leading to unencrypted VPN sessions and exp...

6CVSS5.3AI score0.00247EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:30 p.m.5 views

CVE-2026-1477

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion’ in ‘/evaluacioncompetenciasevaluaold.aspx’, could allow ...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001504 advisory. A race problem was seen in the vtkioctl in drivers/tty/vt/vtioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vcmode is...

4.7CVSS6.5AI score0.00364EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004096)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004096 advisory. A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index aft...

6CVSS7.3AI score0.00263EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-201916

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...

6.9CVSS6.3AI score0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/01 12:55 p.m.6 views

CVE-2025-27232 Frontend arbitrary file read in oauth.authorize action

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...

6.8CVSS0.00311EPSS
Exploits0References1
OSV
OSV
added 2025/11/18 7:15 p.m.6 views

AZL-70529 CVE-2025-61664 affecting package grub2 for versions less than 2.06-16

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

4.9CVSS5.6AI score0.00121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/17 6:4 a.m.7 views

CVE-2021-4471

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading...

8.7CVSS7AI score0.00592EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-26742

Malware in sbrugna...

8.1CVSS8AI score0.00562EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-26901

Malware in sbrugna...

3.8CVSS6.2AI score0.00326EPSS
Exploits0References14
Rows per page
Query Builder