7873 matches found

Positive Technologies
added 2026/06/25 12:0 a.m., 9 views

PT-2026-52207

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.3 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Insufficient filtering in a CI/CD API endpoint could allow sensitive information to be written to...

CVSS 4.4, AI score 5.7, EPSS 0.0013
Exploits: 0, References: 6
Tenable Nessus
added 2026/06/25 12:0 a.m., 11 views

Oracle Siebel Server <= 26.5 (June 2026 CSPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM component: Marketing. Supported versions that are affected are 17.0-26....

CVSS 9.8, AI score 5.9, EPSS 0.00483
Exploits: 0, References: 14
CVE
added 2026/06/24 2:8 p.m., 18 views

CVE-2026-12986

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 8.8, AI score 6.6, EPSS 0.00181
Exploits: 0, References: 1
Tenable Nessus
added 2026/06/24 12:0 a.m., 8 views

pgAdmin < 9.16 HTML Injection (CVE-2026-12047)

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by an HTML injection vulnerability: - Cloud deployment endpoints forward SDK exception text directly into JSON fields without HTML-encoding. The Cloud Wizard frontend renders these responses through...

CVSS 5.4, AI score 6, EPSS 0.00137
Exploits: 0, References: 3
NVD
added 2026/06/23 6:18 p.m., 9 views

CVE-2026-54157

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...

CVSS 9, EPSS 0.0178
Exploits: 0, References: 1
NVD
added 2026/06/23 3:16 p.m., 9 views

CVE-2026-56815

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...

CVSS 7.4, EPSS 0.00142
Exploits: 0, References: 3
Cvelist
added 2026/06/23 1:57 p.m., 48 views

CVE-2026-56815

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...

CVSS 7.4, EPSS 0.00142
Exploits: 0, References: 2
EUVD
added 2026/06/23 1:57 p.m., 7 views

EUVD-2026-38454

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...

CVSS 7.4, AI score 5.9, EPSS 0.00142
Exploits: 0, References: 2
CVE
added 2026/06/23 1:57 p.m., 13 views

CVE-2026-56815

The CVE-2026-56815 entry concerns the pwnlift project, specifically a symlink following vulnerability in the upload handler located at Components/Pages/Home.razor, exploitable in a privileged deployment. Root cause is described as a symlink following issue within the upload handler. The CVSS 3.1 ...

CVSS 7.4, AI score 5.9, EPSS 0.00142
Exploits: 0, References: 3
Positive Technologies
added 2026/06/23 12:0 a.m., 11 views

PT-2026-51524

Name of the Vulnerable Software and Affected Versions pwnlift versions prior to d7a9544 Description In a privileged deployment, the upload handler in 'Components/Pages/Home.razor' contains a symlink following issue. This occurs when the application follows symbolic links files that point to anoth...

CVSS 7.4, AI score 5.9, EPSS 0.00142
Exploits: 0, References: 4
Cvelist
added 2026/06/22 9:55 p.m., 27 views

CVE-2026-53923 vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow

vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/ggufkernel.cu) causes partial tensor processing. The output tensor is allocated at full size via...

CVSS 5.3, EPSS 0.00281
Exploits: 0, References: 3
EUVD
added 2026/06/22 9:4 p.m., 6 views

EUVD-2026-38371

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing appversions.deleted filter in channel version joins...

CVSS 7.1, AI score 5.8, EPSS 0.00302
Exploits: 0, References: 2
IBM Security Bulletins
added 2026/06/22 5:25 p.m., 3 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc

Summary SPSS Collaboration and Deployment Services is affected by Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-3505 DESCRIPTION: Allocation of resources without limits o...

CVSS 8.7, AI score 5.7, EPSS 0.00758
Exploits: 0, Affected Software: 1
NVD
added 2026/06/20 5:16 p.m., 32 views

CVE-2026-5366

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commit_sha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

CVSS 9.9, EPSS 0.00874
Exploits: 3, References: 1
CVE
added 2026/06/20 4:43 p.m., 50 views

CVE-2026-5366

CVE-2026-5366 affects Prefect v3.6.23, where the vulnerability resides in the GitRepository storage class. The commit_sha parameter passed to git commands lacks validation and does not use a -- separator, enabling an attacker to inject git flags (e.g., --upload-pack) and potentially execute arbit...

CVSS 9.9, AI score 8.1, EPSS 0.00874
Exploits: 3, References: 1, Affected Software: 1
EUVD
added 2026/06/20 4:43 p.m., 11 views

EUVD-2026-38128

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commit_sha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

CVSS 9.9, AI score 8.2, EPSS 0.00874
Exploits: 3, References: 1
ATTACKERKB
added 2026/06/20 4:43 p.m., 7 views

CVE-2026-5366

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commit_sha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

CVSS 9.9, AI score 6.8, EPSS 0.00874
Exploits: 3, References: 2
RedhatCVE
added 2026/06/19 3:49 a.m., 8 views

CVE-2026-12047

A flaw was found in pgAdmin 4. An authenticated pgAdmin user can exploit an HTML injection vulnerability in the cloud deployment module. By submitting a crafted input that triggers an SDK exception, an attacker can embed structural HTML directly into the Cloud Wizard's interface. This can lead to...

CVSS 5.4, AI score 5.4, EPSS 0.00137
Exploits: 0, References: 5
NVD
added 2026/06/19 12:16 a.m., 16 views

CVE-2026-12047

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...

CVSS 5.4, EPSS 0.00137
Exploits: 0, References: 2
NVD
added 2026/06/17 5:16 p.m., 11 views

CVE-2026-20181

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVSS 9.1, EPSS 0.00748
Exploits: 0, References: 1