Lucene search
K

1584 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.9 views

PT-2026-47571

Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. IRSO controller automatically adds its environment label to user-provided Secrets and ConfigMaps without the resource owner's consent. A high-privilege controller modifying user-owned resources...

4.3CVSS5.5AI score
Exploits0References6
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

ai-goofish-monitor 安全漏洞

ai-goofish-monitor is an AI-based multi-task real-time monitoring and web management tool developed by Usagi-org. There is a security vulnerability in ai-goofish-monitor. This vulnerability stems from the GET /api/prompts/filename endpoint in Windows deployments, which contains an unvalidated...

8.2CVSS6AI score0.006EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 2:20 p.m.44 views

CVE-2026-1248 IBM Business Automation Workflow information leak

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 2:20 p.m.11 views

CVE-2026-1248 IBM Business Automation Workflow information leak

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

5.8AI score0.00219EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/27 10:6 a.m.26 views

Gitea Vulnerability Exposes Private Container Images without Authentication

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The...

5.8AI score0.40738EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/27 7:45 a.m.18 views

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence AI chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and increases the...

8.8CVSS7.8AI score0.64987EPSS
Exploits6
Cvelist
Cvelist
added 2026/05/26 8:59 p.m.36 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS0.00162EPSS
Exploits0References2
OSV
OSV
added 2026/05/23 12:16 a.m.9 views

GHSA-JPJH-JM2P-39HH Arcane: Missing admin authorization on global variables endpoint

Summary The PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their bearer token...

8.8CVSS6AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 12:47 a.m.47 views

EUVD-2026-31205

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.8AI score0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:47 a.m.7 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.8AI score0.00339EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 6:5 p.m.13 views

CVE-2026-9129

The CVE-2026-9129 entry concerns Altium Enterprise Server Viewer StorageController. On on‑prem deployments using local filesystem storage, an authenticated user can supply a URL-encoded absolute path in a Viewer storage API request, causing the storage root to be discarded and enabling arbitrary ...

9.4CVSS5.9AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 6:5 p.m.7 views

CVE-2026-9129

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

9.4CVSS5.9AI score0.00239EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected by this vulnerability are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

7.4CVSS6.8AI score0.00911EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3....

3.1CVSS6.4AI score0.00866EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Libraries. The supported versions affected include Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, and 22.0.0.2. This easily...

7.5CVSS7.1AI score0.03825EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Concurrency. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. The...

3.7CVSS6AI score0.01056EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-42246

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

9.4CVSS5.9AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 a.m.14 views

CVE-2026-31388

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.3CVSS0.00416EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 9:28 a.m.42 views

CVE-2026-31388 Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00416EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:28 a.m.6 views

CVE-2026-31388

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00416EPSS
Exploits0References2
Rows per page
Query Builder