Lucene search
K

510 matches found

Cvelist
Cvelist
added 2026/06/26 4:14 a.m.38 views

CVE-2026-8797

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...

8.5CVSS0.00122EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 6:22 a.m.6 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by insufficient verification of data authenticity in PyJWT

Summary IBM Cloud Pak for Data System CPDS 1.0 uses the PyJWT library, a JSON Web Token implementation in Python. CVE-2026-32597 affects PyJWT's validation of the crit Critical Header Parameter as defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT do...

7.5CVSS5.4AI score0.00269EPSS
Exploits1Affected Software1
Redos
Redos
added 2026/06/05 12:0 a.m.9 views

ROS-20260605-73-0026

The vulnerability in Tomcat10 is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

9.1CVSS7.7AI score0.01136EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44493

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper neutralization of input during web page generation allows for stored HTML injection. A user with write access to an Elasticsearch index can persist crafted markup that is not...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an issue with authorization deficiencies, which could allow attackers to execute browser automation operatio...

5.4CVSS5.9AI score0.00227EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2026/05/18 12:0 a.m.89 views

Vinyl/Varnish -- HTTP/2 parsing deficiency

Vinyl Development Team reports: A deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass or possibly even information disclosure and manipulation...

5.8AI score
Exploits0References1
Redos
Redos
added 2026/05/05 12:0 a.m.7 views

ROS-20260505-73-0056

Vulnerability in python3.10 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

5.9CVSS7.5AI score0.00463EPSS
Exploits0
OSV
OSV
added 2026/05/01 4:0 p.m.1 views

CVE-2026-7586 Open5GS AMF nudm-handler.c ogs_id_get_value denial of service

A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogsidgetvalue of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been made available to the public and...

5.3CVSS5.6AI score0.00299EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/20 2:48 a.m.11 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

WordPress plugin VI: Include Post By 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.4CVSS5.7AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 11:17 p.m.4 views

CVE-2025-66487

IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...

6.5CVSS0.00333EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 8:32 p.m.4 views

GO-2026-4704 IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd

IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd...

7.6CVSS5.9AI score0.0014EPSS
Exploits0References6
OSV
OSV
added 2026/03/20 9:21 a.m.7 views

BIT-PYTHON-2026-3479 pkgutil.get_data() does not enforce documented restrictions

pkgutil.getdata did not validate the resource argument as documented, allowing path traversals...

5.8AI score0.00238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-31533

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description Improper input validation within the WebML component in Google Chrome could lead to an out-of-bounds memory write. This issue was discovered in versions of Google Chrome before...

9.8CVSS5.8AI score0.00608EPSS
Exploits0References68
Cvelist
Cvelist
added 2026/03/19 8:55 p.m.23 views

CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

8.6CVSS0.00562EPSS
Exploits1References2
CNVD
CNVD
added 2026/03/19 12:0 a.m.7 views

WordPress Plugin Avada Core Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Avada Core, which stems fro...

6.5CVSS5.6AI score0.00129EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.4 views

HCL AION SQL Injection Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...

9.8CVSS6AI score0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 2:29 p.m.3 views

CVE-2025-52644

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes...

5.8CVSS5.8AI score0.00141EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25749

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes...

5.8CVSS5.8AI score0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 3:5 p.m.4 views

CVE-2026-20882 Mobiliti e-mobi.hu Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References3
Rows per page
Query Builder