Lucene search
K

102 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/06 9:41 p.m.7 views

CVE-2026-43925

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:27 p.m.6 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

2.5CVSS6AI score0.00099EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:6 p.m.5 views

CVE-2026-41514

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS6AI score0.00095EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, deactivate /gfx which is enabled by default; instead,...

9.8CVSS7.1AI score0.0195EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 1:16 a.m.6 views

DEBIAN-CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

6.5CVSS5.5AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2026/04/16 8:45 p.m.5 views

GHSA-F8HV-G549-HWG2 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

4.1CVSS5.8AI score0.00275EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-33725

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...

7.2CVSS6.2AI score0.00763EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 1:16 a.m.10 views

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...

9.8CVSS0.00933EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:1 a.m.4 views

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...

9.3CVSS6.6AI score0.00933EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/27 12:1 a.m.27 views

CVE-2026-33701

OpenTelemetry Java instrumentation (opentelemetry-javaagent) contains an unsafe deserialization flaw in its RMI integration prior to version 2.26.1. If the agent is attached on a JDK 16 or earlier, and an RMI/JMX port is network-reachable with a gadget-chain–compatible library on the application ...

9.8CVSS6.6AI score0.00933EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/26 3:4 p.m.4 views

CVE-2026-26207 DIscourse's discourse-policy plugin lacks post access check

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The PolicyController loads posts by ID without verifying the current...

5.4CVSS6AI score0.00151EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/02/07 12:25 a.m.11 views

SUSE CVE-2026-23518

Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...

9.8CVSS5.5AI score0.00226EPSS
Exploits0References3
OSV
OSV
added 2026/01/22 10:16 p.m.4 views

DEBIAN-CVE-2026-24117

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...

5.3CVSS8.4AI score0.00332EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/20 8:55 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT verification process. An attacker can gain unauthorized enrollment of rogue devices by submitting a forged JWT with arbitrary identity claims, as the system fails to verify th...

9.8CVSS5.8AI score0.00226EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.10 views

CVE-2023-45150

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...

4.3CVSS6.8AI score0.00386EPSS
Exploits1References1
Nextcloud
Nextcloud
added 2025/12/05 8:4 a.m.15 views

Tables app share information not limited to relevant users

None...

5.3CVSS5.2AI score0.00249EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
added 2025/12/05 7:54 a.m.25 views

Tables app allowed users to view columns metadata information of any table

None...

4.3CVSS5.2AI score0.0024EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29216

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00222EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-32042

Malicious code in bioql PyPI...

6.2CVSS6.4AI score0.00189EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/28 2:57 p.m.9 views

Contao discloses sensitive information in the front end search index

Impact Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. Patches Update to Contao 4.13.56, 5.3.38 or 5.6.1. Workarounds Disable the front end search. For more information If you have any questions or comments about this...

5.3CVSS7AI score0.00266EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder