Lucene search
K

8952 matches found

Redos
Redos
added 2026/06/05 12:0 a.m.5 views

ROS-20260605-73-0056

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to insufficient validation of input data. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

10CVSS5.5AI score0.00487EPSS
Exploits0
Snyk
Snyk
added 2026/06/04 2:26 p.m.13 views

Use of Weak Hash

Overview streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a weak hash algorithm in the hashing.py process of the Palette Handler component. An attacker can compromise data integrity or cause unintend...

5.7CVSS4.9AI score0.00083EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 2:25 p.m.7 views

Use of Weak Hash

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Use of Weak Hash in the mlflow.data.digestutils function. An...

3.6CVSS5.5AI score0.00103EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 2:25 p.m.9 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash in the mlflow.data.digestutils function. An attacker can compromise data integrity or cause unexpected behavior by exploiting the use of a weak hash algorithm during dataset digest computation. PoC python import pandas ...

3.6CVSS5.4AI score0.00103EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/01 5:34 p.m.10 views

EUVD-2026-33726

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 5:34 p.m.30 views

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS0.00132EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/01 11:5 a.m.9 views

CVE-2026-42000

A flaw was found in pdns. This vulnerability, stemming from insufficient validation of names during an Asynchronous Zone Transfer AXFR, allows a remote attacker to compromise the integrity of DNS data. By sending specially crafted requests, an attacker could potentially poison DNS caches or make...

8.6CVSS5.8AI score0.00242EPSS
Exploits0References2
Redos
Redos
added 2026/05/29 12:0 a.m.11 views

ROS-20260529-73-0004

The vulnerability of the GNOME Remote Desktop remote desktop service is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and cause service failures through a specially created RDP packet...

6.5CVSS5.8AI score0.00416EPSS
Exploits0
Redos
Redos
added 2026/05/29 12:0 a.m.12 views

ROS-20260529-73-0019

The vulnerability of the software for interacting with servers via CURL is related to the storage of dangerous files. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...

6.5CVSS7.3AI score0.04313EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/28 8:21 p.m.12 views

CVE-2026-46115

A flaw was found in the Linux kernel's block subsystem. The biovecphysmergeable function, which combines physically contiguous memory segments, lacked a check to ensure these segments belonged to the same device page map devpagemap. This omission could result in the incorrect identification of th...

9.8CVSS5.8AI score0.00491EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/28 5:17 p.m.11 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

6CVSS5.8AI score0.00105EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 5:17 p.m.21 views

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/28 5:16 a.m.17 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

7.5CVSS0.0012EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 3:44 a.m.12 views

CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS5.8AI score0.0012EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 3:44 a.m.12 views

EUVD-2026-32707

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS5.8AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 3:44 a.m.47 views

CVE-2026-9793

Keycloak vulnerability CVE-2026-9793: when a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This can lead to unauthorized claims and data integrity c...

7.5CVSS5.8AI score0.0012EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:44 a.m.10 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS5.8AI score0.0012EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 3:44 a.m.31 views

CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS0.0012EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 3:44 a.m.18 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

7.5CVSS5.7AI score0.0012EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 3:0 a.m.14 views

CVE-2026-45892

A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs during certain buffered write operations when splitting unwritten data blocks, known as extents. A logic error can lead to an inconsistency where the filesystem's internal record of data blocks the extent status tre...

7CVSS5.7AI score0.00155EPSS
Exploits0References4
Rows per page
Query Builder