Lucene search
K

7860 matches found

EUVD
EUVD
added 2026/04/15 6:31 p.m.7 views

EUVD-2026-22970

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.2AI score0.05972EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/15 6:31 p.m.4 views

EUVD-2026-22973

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.2AI score0.06315EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 4:3 p.m.3 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.2AI score0.10944EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/04/15 4:3 p.m.98 views

CVE-2026-20147

Cisco CVE-2026-20147 affects Cisco Identity Services Engine (ISE) and ISE-PIC. An authenticated, remote attacker with valid administrative credentials can exploit insufficient input validation via a crafted HTTP request to execute arbitrary commands on the device’s underlying OS, potentially gain...

9.9CVSS6.2AI score0.10944EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 4:3 p.m.52 views

CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS0.10944EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 5:25 a.m.8 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by non-blocking (async) JSON parser in jackson-core (WS-2026-0003)

Summary SPSS Collaboration and Deployment Services is affected by non-blocking async JSON parser in jackson-core WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the...

5.7AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.12 views

BentoML < 1.4.38 Multiple Vulnerabilities (GHSA-fgv4-6jr3-jgfw, GHSA-v959-cwq9-7hr6)

The version of the BentoML library installed on the remote host is prior to 1.4.38. It is, therefore, affected by multiple vulnerabilities: - The cloud deployment path in deployment.py was not included in the fix for CVE-2026-33744. The systempackages field is interpolated directly into a shell...

9.6CVSS6.5AI score0.00392EPSS
Exploits3References4
CVE
CVE
added 2026/04/14 3:0 a.m.24 views

CVE-2026-40288

PraisonAI and praisonaiagents prior to versions 4.5.139 and 1.5.140 are exposed to a critical RCE via untrusted workflow YAML. When a YAML file for type: job is loaded, the JobWorkflowExecutor (job_workflow.py) processes steps allowing run (subprocess.run), script (inline Python via exec), and py...

9.8CVSS6.4AI score0.00609EPSS
Exploits1References1Affected Software2
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.5 views

Honeypot Protocol

Trusted monitoring, the standard defense in AI control, is vulnerable to adaptive attacks, collusion, and strategic attack selection. All of these exploit the fact that monitoring is passive: it observes model behavior but never probes whether the model would behave differently under different...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/13 3:31 p.m.2 views

EUVD-2025-209413

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

5.8AI score0.00439EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 3:31 p.m.3 views

GHSA-J86X-FWP2-QH7V Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

5.3CVSS5.8AI score0.00439EPSS
Exploits0References7
OSV
OSV
added 2026/04/13 3:17 p.m.7 views

PYSEC-2026-8

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

7.5CVSS5.8AI score0.00439EPSS
Exploits0References4
PyPA
PyPA
added 2026/04/13 3:17 p.m.10 views

PYSEC-2026-8

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

7.5CVSS5.8AI score0.00439EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/13 3:17 p.m.2 views

CVE-2025-66236

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

7.5CVSS0.00439EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/13 12:31 p.m.9 views

Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata

Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 8:35 a.m.2 views

CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK)

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS6.3AI score0.01816EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32406

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has a security bypass vulnerability that stems from...

7.5CVSS5.8AI score0.00439EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32366

Name of the Vulnerable Software and Affected Versions Airflow versions prior to 3.2.0 Description Lack of clarity regarding the responsibilities of the Deployment Manager in ensuring secure deployments. Certain assumptions about the security model, workload isolation, and JWT authentication were...

7.5CVSS5.7AI score0.00439EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/04/10 9:0 p.m.9 views

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder