Lucene search
K

7867 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/20 5:25 a.m.3 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 5:25 a.m.8 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.5AI score0.00672EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 5:25 a.m.22 views

CVE-2026-33037

The CVE concerns WWBN AVideo. In versions ≤25.0, the official Docker deployment files ship with the admin password set to “password,” which is used to seed the admin account during installation unless SYSTEM_ADMIN_PASSWORD is overridden. This creates immediate administrative takeover risk, with f...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/20 5:25 a.m.3 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References4
Fedora
Fedora
added 2026/03/20 1:3 a.m.7 views

[SECURITY] Fedora 43 Update: bpfman-0.5.4-4.fc43

bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...

8.7CVSS5.8AI score0.005EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...

8.1CVSS5.8AI score0.00462EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 10:7 p.m.16 views

CVE-2026-32025 OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...

7.5CVSS0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 10:7 p.m.9 views

CVE-2026-32025

OpenClaw versions prior to 2026.2.25 expose an authentication hardening gap in browser-origin WebSocket clients that bypasses origin checks and auth throttling on loopback deployments. An attacker enticed to visit a malicious page can perform password brute-force against the gateway to establish ...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 9:2 p.m.7 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2026 - Includes Oracle January 2026 CPU

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

7.5CVSS5.9AI score0.00864EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:57 p.m.4 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:53 p.m.6 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

8.1CVSS5.9AI score0.01058EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:52 p.m.9 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

8.1CVSS5.9AI score0.01058EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:50 p.m.6 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

7.8CVSS7.5AI score0.00688EPSS
Exploits0Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/19 7:13 p.m.8 views

AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

Summary A Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the $REQUEST'webSiteRootURL' parameter is used directly to construct a URL that is...

9.1CVSS5.8AI score0.00431EPSS
Exploits1References4Affected Software1
The Hacker News
The Hacker News
added 2026/03/19 6:52 p.m.7 views

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new analysis of endpoint detection and response EDR killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver BYOVD by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/18 5:26 p.m.3 views

GHSA-762R-27W2-Q22J Avo has a XSS vulnerability on `return_to` param

Description A reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is executed when he clicks a dynamically generated navigation button. Impact This...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References7
OSV
OSV
added 2026/03/18 4:16 p.m.4 views

CVE-2026-33001

Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running...

8.8CVSS6AI score
Exploits0References1
Hacker One
Hacker One
added 2026/03/18 7:47 a.m.29 views

curl: Exposed .git/config File Leading to Potential Sensitive Information Disclosure

Summary: The .git/config file is publicly accessible on the target server, which may expose sensitive repository configuration details. This indicates that the .git directory is improperly exposed, potentially allowing attackers to reconstruct the entire source code repository and extract sensiti...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26217

Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.3 and prior Description NLTK Natural Language Toolkit contains a reflected cross-site scripting XSS issue in the lookup ... route of nltk.app.wordnet app. A crafted lookup URL can inject arbitrary HTML/JavaScript into the...

7.5CVSS6.1AI score0.00855EPSS
Exploits2References30
ATTACKERKB
ATTACKERKB
added 2026/03/17 10:45 p.m.2 views

CVE-2026-22727

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information...

7.5CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder