Lucene search

20676 matches found

CNNVD
added 2026/04/28 12:0 a.m., 12 views

XXL-JOB Encryption Issue Vulnerability

XXL-JOB is a distributed task scheduling platform developed by xuxueli as an individual project. Versions of XXL-JOB 3.3.2 and earlier contained a security vulnerability related to encryption. This vulnerability stemmed from an unknown function parameter in the component’s OpenAPI Endpoint,...

CVSS 6.3, AI score 6.2, EPSS 0.00327
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/27 11:40 p.m., 7 views

CVE-2026-32644

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys...

CVSS 9.8, AI score 5.1, EPSS 0.00218
Exploits: 0, References: 4

CVE
added 2026/04/27 11:40 p.m., 12 views

CVE-2026-32644

Affected product. Milesight AIOT cameras running susceptible firmware versions. Vulnerability. SSL certificates are issued with default private keys due to the firmware allowing use of such keys, creating a risk to confidentiality, integrity and availability. The CVSS scores indicate a CRITICAL i...

CVSS 9.8, AI score 5.2, EPSS 0.00218
Exploits: 0, References: 3

EUVD
added 2026/04/27 11:40 p.m., 14 views

EUVD-2026-25957

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys...

CVSS 9.8, AI score 5.1, EPSS 0.00218
Exploits: 0, References: 3

Vulnrichment
added 2026/04/27 11:34 p.m., 3 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

CVSS 9.1, AI score 5.3, EPSS 0.00489
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/27 11:34 p.m., 2 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

CVSS 9.1, AI score 5.3, EPSS 0.00489
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/04/27 11:34 p.m., 6 views

EUVD-2026-25940

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

CVSS 9.1, AI score 5.3, EPSS 0.00489
Exploits: 0, References: 1

Cvelist
added 2026/04/27 11:34 p.m., 30 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

CVSS 9.1, EPSS 0.00489
Exploits: 0, References: 1

CVE
added 2026/04/27 11:34 p.m., 203 views

CVE-2026-40976

CVE-2026-40976 affects Spring Boot 4.0.0–4.0.5. In vulnerable configurations, a servlet-based web application that relies on Spring Boot’s default web security (no custom Spring Security config), depends on spring-boot-actuator-autoconfigure, and does not rely on spring-boot-health can experience...

CVSS 9.1, AI score 5.3, EPSS 0.00489
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/04/27 6:33 p.m., 9 views

JLSEC-2026-236 Applications that use a non-default option when verifying certificates may be vulnerable to an...

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

CVSS 5.3, AI score 6.3, EPSS 0.01583
Exploits: 0, References: 12

OSV
added 2026/04/27 6:33 p.m., 9 views

JLSEC-2026-249 Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when...

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in...

CVSS 5.9, AI score 6.9, EPSS 0.54026
Exploits: 0, References: 12

OSV
added 2026/04/27 6:33 p.m., 14 views

JLSEC-2026-215 OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include...

OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

CVSS 5.3, AI score 6.3, EPSS 0.06232
Exploits: 0, References: 25

OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-271 Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key...

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

CVSS 7.5, AI score 5.6, EPSS 0.00435
Exploits: 0, References: 6

GithubExploit
added 2026/04/27 6:18 p.m., 113 views

Exploit for Improper Authentication in Adguard Adguardhome

CVE-2026-32136exploit - AdGuard Home h2c Upgrade Auth Bypass...

CVSS 9.8, AI score 7.9, EPSS 0.00735
Exploits: 2

OSV
added 2026/04/27 3:30 p.m., 9 views

GHSA-82FM-WPC2-5PMP Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade

Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...

CVSS 4.8, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 4

Snyk
added 2026/04/27 11:13 a.m., 8 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the default authentication path to / when not explicitly configured in BasicAuthenticationConfigurer and JWTAuthenticationConfigurer. An attacker can access protected business...

CVSS 8.3, AI score 5.8, EPSS 0.00622
Exploits: 0, References: 2

Oracle linux
added 2026/04/27 12:0 a.m., 13 views

firefox security update

140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.10.0-1 - Update to 140.10.0 ESR...

CVSS 9.8, AI score 5.2, EPSS 0.04938
Exploits: 1

Oracle linux
added 2026/04/27 12:0 a.m., 10 views

firefox security update

140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 140.10.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.10.0-1 - Update to 140.10.0 ESR...

CVSS 9.8, AI score 5.2, EPSS 0.04938
Exploits: 1

Snyk
added 2026/04/27 12:0 a.m., 3 views

Insufficiently Protected Credentials

Overview org.springframework.ai:spring-ai-autoconfigure-model-transformers is a Spring AI ONNX Transformers Auto Configuration Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the default cache directory used by TransformersEmbeddingModel. An attacker c...

CVSS 6.9, AI score 5.5, EPSS 0.00105
Exploits: 0, References: 2

Snyk
added 2026/04/25 11:30 p.m., 3 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict due to case-sensitive handling of the host matching process. An attacker can bypass access control policies by sending requests with hostnames that differ only in letter casing, potentially gaining unauthorized...

CVSS 9.1, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 3