Lucene search
K

939 matches found

NVD
NVD
added 2026/05/10 9:16 a.m.13 views

CVE-2026-8242

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

6.3CVSS0.00289EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/10 8:15 a.m.6 views

CVE-2026-8242 Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

6.3CVSS5.2AI score0.00289EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/10 8:15 a.m.40 views

CVE-2026-8242 Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

6.3CVSS0.00289EPSS
Exploits0References5
CVE
CVE
added 2026/05/10 8:15 a.m.16 views

CVE-2026-8242

Technical details about CVE-2026-8242 are not publicly available in the provided documents. Monitor for updates from the vendor and security advisories.

6.3CVSS5.2AI score0.00289EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/08 10:38 p.m.11 views

gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees:...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 6:13 p.m.13 views

dssrf: every IPv6 category bypasses is_url_safe

A vulnerability on dssrf allow, an attacker to use, one of them following ipv6 rust Input Category http://::1/ IPv6 loopback http://fc00::1/ IPv6 ULA http://fe80::1/ IPv6 link-local http://::ffff:127.0.0.1/ IPv4-mapped loopback http://::ffff:169.254.169.254/ IPv4-mapped IMDS...

8.7CVSS5.2AI score0.00349EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 6:13 p.m.5 views

GHSA-8P33-Q827-GHJ5 dssrf: every IPv6 category bypasses is_url_safe

A vulnerability on dssrf allow, an attacker to use, one of them following ipv6 rust Input Category http://::1/ IPv6 loopback http://fc00::1/ IPv6 ULA http://fe80::1/ IPv6 link-local http://::ffff:127.0.0.1/ IPv4-mapped loopback http://::ffff:169.254.169.254/ IPv4-mapped IMDS...

8.7CVSS5.3AI score0.00349EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 4:14 p.m.8 views

CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 4:14 p.m.31 views

CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.25 views

PT-2026-38305

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.32 Description A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery SSRF. The system uses the validate url function to perform security...

9.8CVSS5.8AI score0.00378EPSS
Exploits1References7
OSV
OSV
added 2026/04/27 12:0 p.m.8 views

RUSTSEC-2026-0112 PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

5.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.6 views

Debian dla-4551 : libmbedcrypto3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4551 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4551-1 [email protected]...

6.7CVSS5.7AI score0.0024EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/17 9:1 p.m.6 views

EUVD-2026-23539

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

8.1CVSS5.7AI score0.00247EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.7 views

CVE-2026-4113

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

7.2CVSS5.8AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 3:35 p.m.3 views

EUVD-2026-20904

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

7.1AI score0.00363EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 3:16 p.m.7 views

CVE-2026-4113

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

7.2CVSS0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 2:23 p.m.17 views

CVE-2026-4113

Summary : CVE-2026-4113 affects SonicWall SMA1000 series appliances. An observable response discrepancy allows a remote attacker to enumerate SSL VPN user credentials. Affected products (from connected docs) : SonicWall SMA1000 series appliances (SMA 1000). Impact : Credential enumeration via rem...

7.2CVSS7.1AI score0.00363EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 12:17 a.m.17 views

Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

Summary A discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse, allowing attacker-controlled cookies to override legitimate ones. Details...

4.8CVSS5.9AI score0.00284EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/02 6:59 p.m.20 views

CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

5.9CVSS0.00267EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 6:59 p.m.14 views

CVE-2026-34760

Summary: CVE-2026-34760 concerns vLLM’s audio processing path via Librosa. From version 0.5.5 up to before 0.18.0, Librosa used numpy.mean for mono downmix (to_mono), while ITU-R BS.775-4 specifies a weighted downmix. This mismatch creates inconsistency between audio perceived by humans and audio...

7.1CVSS5.8AI score0.00267EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder