Lucene search

9198 matches found

Positive Technologies
added 2026/06/15 12:00 a.m., 11 views

PT-2026-49590

Name of the vulnerable software and affected versions: AIOHTTP versions prior to 3.14.1. Description: DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. If a client follows a redirect to an attacker-controlled domain, the attacker may be able to extract...

CVSS 6.3, AI score 5.8, EPSS 0.00323
Exploits: 0, References: 5
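
An added example, not aiohttp's own code, of the origin check a client must make before replaying credentials across a redirect, which is what the DigestAuthMiddleware entry above describes being skipped. The `same_origin` and `follow_redirects` helpers, the `SAMPLE_CHAIN` redirect chain and its hostnames are constructed for this example; the policy shown compares each hop against the origin the credentials were issued for, not against the previous hop.

```python
"""Same-origin check before replaying credentials across an HTTP redirect.

Added example, not aiohttp's code. An Authorization header or digest
response must only be re-sent when the redirect target shares scheme,
host and port with the origin the credentials were issued for. Function
names and the sample redirect chain are this example's own.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> tuple:
    """Return (scheme, host, port) with default ports normalised.

    urlsplit().hostname already discards userinfo, so a URL such as
    https://api.example.com@evil.example.net/ resolves to evil.example.net.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    if not scheme or not host or port is None:
        raise ValueError(f"cannot determine origin of {url!r}")
    return scheme, host, port


def same_origin(a: str, b: str) -> bool:
    """True only when scheme, host and (effective) port all match."""
    return origin_of(a) == origin_of(b)


def follow_redirects(start_url: str, credentials: str, responses: dict) -> list:
    """Walk a constructed redirect chain and record what each hop is sent.

    `responses` maps a URL to a (status, Location) tuple, or to None for a
    final non-redirect response. Returns [(url, auth_or_None), ...] so the
    caller can see exactly where credentials would have been withheld.
    """
    trail = []
    url = start_url
    for _ in range(10):  # hard cap on hops, as any sane client enforces
        auth = credentials if same_origin(start_url, url) else None
        trail.append((url, auth))
        hop = responses.get(url)
        if hop is None:
            break
        status, location = hop
        if status not in (301, 302, 303, 307, 308):
            break
        url = location
    return trail


# Constructed redirect chain: the API host bounces the client to an
# attacker-controlled domain, which bounces it back with an explicit port.
SAMPLE_CHAIN = {
    "https://api.example.com/v1/secret": (302, "https://evil.example.net/capture"),
    "https://evil.example.net/capture": (302, "https://api.example.com:443/v1/secret?x=1"),
    "https://api.example.com:443/v1/secret?x=1": None,
}

if __name__ == "__main__":
    trail = follow_redirects("https://api.example.com/v1/secret",
                             'Digest username="alice", realm="api"', SAMPLE_CHAIN)
    for hop_url, auth in trail:
        print(f"{hop_url:50} auth={'sent' if auth else 'withheld'}")
```

The explicit `:443` on the last hop is deliberate: a naive string comparison of origins would treat it as a different host and drop credentials a legitimate server expects, while a comparison of hostnames alone would send them to a different port on the same host.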
Positive Technologies
added 2026/06/15 12:00 a.m., 9 views

PT-2026-49192

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485...

CVSS 8.6, AI score 5.4, EPSS 0.00196
Exploits: 0, References: 3
VulnCheck KEV
added 2026/06/15 12:00 a.m., 11 views

VulnCheck KEV: CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

CVSS 9.8, AI score 5.9, EPSS 0.88171
In the wild. Exploits: 5, References: 5
OSV
added 2026/06/13 8:46 a.m., 12 views

BIT-MYSQL-CLIENT-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrep_notify_cmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

CVSS 10, AI score 5.5, EPSS 0.00703
Exploits: 0, References: 3
OSV
added 2026/06/13 8:44 a.m., 9 views

BIT-MARIADB-MIN-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrep_notify_cmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

CVSS 10, AI score 5.5, EPSS 0.00703
Exploits: 0, References: 3
OSV
added 2026/06/13 8:44 a.m., 11 views

BIT-MARIADB-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrep_notify_cmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

CVSS 10, AI score 5.5, EPSS 0.00703
Exploits: 0, References: 3
Github Security Blog
added 2026/06/12 6:30 p.m., 10 views

Tornado has out-of-bounds memory access via C extension

Summary: Tornado's optional native extension tornado.speedups implements websocket_mask without validating that the mask argument is exactly four bytes long. The C function reads four bytes from mask unconditionally, even when Python passes a shorter byte string. This can read beyond the provided...

AI score 5.3, EPSS 0.00027
Exploits: 0, References: 3, Affected software: 1
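
An added example, not Tornado's code, of the RFC 6455 masking step the entry above concerns, written in pure Python with the length check the native helper lacked: a mask key that is not exactly four bytes is rejected before any XOR happens rather than read past its end. The `build_masked_frame` and `parse_masked_frame` helpers and `RFC_HELLO_FRAME` (the masked "Hello" frame from RFC 6455 section 5.7) are this example's own scaffolding around the mask function.

```python
"""WebSocket payload masking (RFC 6455 section 5.3) with a length-checked key.

Added example, not Tornado's code. The C helper described above read four
bytes from the mask unconditionally; here a short or non-bytes mask raises
before the XOR loop runs. Frame helpers and the RFC sample are this
example's own.
"""
import struct


def websocket_mask(mask: bytes, data: bytes) -> bytes:
    """Apply (or strip; XOR is symmetric) a 4-byte client mask to a payload."""
    if not isinstance(mask, (bytes, bytearray)):
        raise TypeError("mask must be bytes")
    if len(mask) != 4:  # the check the native path was missing
        raise ValueError(f"mask must be exactly 4 bytes, got {len(mask)}")
    # Repeat the key to cover the payload once, then XOR in one pass.
    repeated = (bytes(mask) * (len(data) // 4 + 1))[: len(data)]
    return bytes(d ^ m for d, m in zip(data, repeated))


def build_masked_frame(payload: bytes, mask: bytes, opcode: int = 0x1) -> bytes:
    """Build a single FIN client frame with the MASK bit set."""
    header = bytes([0x80 | (opcode & 0x0F)])
    n = len(payload)
    if n < 126:
        header += bytes([0x80 | n])
    elif n < 0x10000:
        header += bytes([0x80 | 126]) + struct.pack("!H", n)
    else:
        header += bytes([0x80 | 127]) + struct.pack("!Q", n)
    return header + mask + websocket_mask(mask, payload)


def parse_masked_frame(frame: bytes) -> tuple:
    """Return (opcode, payload) from a masked client frame; refuse unmasked ones."""
    if len(frame) < 2:
        raise ValueError("truncated frame header")
    opcode = frame[0] & 0x0F
    if not frame[1] & 0x80:
        raise ValueError("client frames must be masked")
    n = frame[1] & 0x7F
    pos = 2
    if n == 126:
        (n,) = struct.unpack("!H", frame[2:4])
        pos = 4
    elif n == 127:
        (n,) = struct.unpack("!Q", frame[2:10])
        pos = 10
    mask = frame[pos:pos + 4]          # may be short if the frame was cut here
    body = frame[pos + 4:pos + 4 + n]
    if len(body) != n:
        raise ValueError("truncated payload")
    return opcode, websocket_mask(mask, body)


# Masked single-frame text message "Hello" from RFC 6455 section 5.7.
RFC_HELLO_FRAME = bytes.fromhex("818537fa213d7f9f4d5158")

if __name__ == "__main__":
    print(parse_masked_frame(RFC_HELLO_FRAME))
    try:
        websocket_mask(b"\x37\xfa\x21", b"Hello")
    except ValueError as exc:
        print("rejected:", exc)
```

A frame cut off inside the 4-byte key reaches `websocket_mask` with a 3-byte `mask`, which is exactly the input the native extension read past; here it is refused with a `ValueError` instead of an out-of-bounds read.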
OSV
added 2026/06/12 12:27 p.m., 17 views

OESA-2026-2674 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can...

CVSS 9.8, AI score 6, EPSS 0.00514
Exploits: 6, References: 74
Tenable Nessus
added 2026/06/12 12:00 a.m., 16 views

RHEL 8 : kernel (RHSA-2026:25533)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25533 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme: avoid double free speci...

CVSS 9.8, AI score 5.8, EPSS 0.00563
Exploits: 0, References: 35
EUVD
added 2026/06/11 5:13 p.m., 83 views

EUVD-2026-36269

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrep_notify_cmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

CVSS 10, AI score 5.6, EPSS 0.00703
Exploits: 0, References: 2
CVE
added 2026/06/11 5:13 p.m., 478 views

CVE-2026-49261

Summary: CVE-2026-49261 affects MariaDB Galera cluster where enabling wsrep_notify_cmd allows shell commands to be executed via the joiner node name. Affected versions include MariaDB 10.6.1–10.6.26, 10.11.1–10.11.17, 11.4.1–11.4.11, 11.8.1–11.8.7, and 12.3.1. Impact: potential remote command exe...

CVSS 10, AI score 5.6, EPSS 0.00703
Exploits: 0, References: 10, Affected software: 1
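
The five MariaDB entries above (BIT-MYSQL-CLIENT-2026-49261, BIT-MARIADB-MIN-2026-49261, BIT-MARIADB-2026-49261, EUVD-2026-36269 and CVE-2026-49261) describe one bug class: a notification script is launched with the joining node's name spliced into a shell command line, so a name carrying shell metacharacters runs extra commands. The following is an added example, not MariaDB or Galera code, that shows the flawed pattern beside the argv form that does not go through a shell. The stand-in script (`/bin/echo`), the `joiner` argument, the function names, the allowlist check and the hostile node name are all constructed for this example.

```python
"""Shell injection through an interpolated node name, and the argv fix.

Added example, not MariaDB code. It mirrors the wsrep_notify_cmd pattern:
a configured script is run with the joiner node's name as a parameter.
Building one shell string from the name lets the name inject commands;
passing it as a separate argv element does not. The script, parameter
and node names below are this example's own.
"""
import subprocess

NOTIFY_CMD = "/bin/echo"                    # stand-in for the configured script
BENIGN_NODE_NAME = "node3"
HOSTILE_NODE_NAME = "node3; echo INJECTED"  # constructed attacker-chosen name


def notify_unsafe(node_name: str) -> str:
    """Interpolate the name into a shell command line (the flawed pattern)."""
    cmd = f"{NOTIFY_CMD} joiner {node_name}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def notify_safe(node_name: str) -> str:
    """Pass the name as its own argv element; no shell ever parses it."""
    argv = [NOTIFY_CMD, "joiner", node_name]
    out = subprocess.run(argv, capture_output=True, text=True)
    return out.stdout


def name_is_clean(node_name: str) -> bool:
    """Defence in depth: a cluster node name is operator-supplied, so a strict
    hostname-like allowlist can be enforced before the name is used anywhere."""
    return bool(node_name) and all(c.isalnum() or c in "-._" for c in node_name)


if __name__ == "__main__":
    for name in (BENIGN_NODE_NAME, HOSTILE_NODE_NAME):
        print("name:  ", repr(name))
        print("unsafe:", repr(notify_unsafe(name)))   # second line appears for the hostile name
        print("safe:  ", repr(notify_safe(name)))     # name echoed back verbatim
        print("clean: ", name_is_clean(name))
```

With the hostile name the shell form prints `INJECTED` on a second line because `/bin/sh` split the string at `;`; the argv form hands the whole name to `/bin/echo` as one argument and it comes back verbatim. Quoting with `shlex.quote` would also work for the string form, but the argv form removes the shell from the path entirely, which is the fix to prefer.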
EUVD
added 2026/06/11 12:32 a.m., 12 views

EUVD-2026-36135

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

CVSS 7.1, AI score 6.7, EPSS 0.00405
Exploits: 0, References: 3
Positive Technologies
added 2026/06/11 12:00 a.m., 15 views

PT-2026-48683

Impact: Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server when configured to do so by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data ($initial_person_info, $session_entry_url, and $current_url) were...

CVSS 8.6, AI score 5.5, EPSS 0.00023
Exploits: 0, References: 4
Snyk
added 2026/06/11 12:00 a.m., 6 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Spring TX transaction instrumentation classes in this package. A remote user can issue calls that drive the transaction instrumentation to allocate resources without limits or...

CVSS 8.7, AI score 5.4, EPSS 0.00278
Exploits: 0, References: 2
NVD
added 2026/06/10 10:16 p.m., 9 views

CVE-2026-0267

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

CVSS 6.9, EPSS 0.0011
Exploits: 0, References: 2
Cvelist
added 2026/06/10 8:31 p.m., 27 views

CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

CVSS 6.9, EPSS 0.0011
Exploits: 0, References: 2
Vulnrichment
added 2026/06/10 8:31 p.m., 8 views

CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

CVSS 6.9, AI score 5.5, EPSS 0.0011
Exploits: 0, References: 2
CVE
added 2026/06/10 8:31 p.m., 16 views

CVE-2026-0267

CVE-2026-0267 affects the Palo Alto Networks GlobalProtect app on macOS. It is described as an information exposure vulnerability where a local user can learn the passcodes used to disable, disconnect, or uninstall the app, enabling those actions despite configuration restrictions. The provided d...

CVSS 6.9, AI score 5.5, EPSS 0.0011
Exploits: 0, References: 2
Positive Technologies
added 2026/06/10 12:00 a.m., 11 views

PT-2026-48528

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

CVSS 6.9, AI score 5.5, EPSS 0.0011
Exploits: 0, References: 3
Snyk
added 2026/06/10 12:00 a.m., 7 views

Use of RSA Algorithm without OAEP

Overview: Affected versions of this package are vulnerable to Use of RSA Algorithm without OAEP via the Wss4jSecurityInterceptor class, in the Wss4jSecurityInterceptor.java file, due to defaulting allowRSA15KeyTransportAlgorithm to true when building the validation RequestData. This overrides Apach...

CVSS 6.3, AI score 5.4, EPSS 0.00129
Exploits: 0, References: 2