Lucene search
K

7597 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References4
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0032

The vulnerability in Netty is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS6.7AI score0.00455EPSS
Exploits0
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2025-61027

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS0.0035EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 12:12 p.m.5 views

EUVD-2023-60596

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...

8.7CVSS5.9AI score0.00566EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51471

Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description A double free flaw exists in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client...

6.5CVSS6.1AI score0.00242EPSS
Exploits1References18
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.4 views

etcd: etcd: Authorization bypass allows information disclosure and denial of service

A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lea...

8.8CVSS6.1AI score0.00249EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
Cvelist
Cvelist
added 2026/06/22 1:38 p.m.41 views

CVE-2026-6673 Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS0.00177EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/22 5:29 a.m.7 views

kernel: RDMA/iwcm: Fix workqueue list corruption by removing work_list

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA Internet Wide Area RDMA Protocol iWARP subsystem. Incorrect work submission logic in the iwcm component can lead to multiple queueing of work items. This allows a work item to be processed and freed while still present in the...

9.8CVSS5.7AI score0.00465EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/06/22 12:0 a.m.1 views

The vulnerability of the calipso_skbuff_setattr() function in the net/ipv6/calipso.c module of the Linux operating system’s IPv6 kernel implementation allows a malicious actor to trigger a service failure remotely.

The vulnerability of the calipsoskbuffsetattr function in the net/ipv6/calipso.c module of the Linux operating system’s IPv6 kernel implementation is related to integer overflow or cyclic shift vulnerabilities. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS6.2AI score0.00114EPSS
Exploits0References12Affected Software8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to allocate 100% of the CPU resources on the target system, depending on the CPU type or the parallel execution of certain payloads. This...

7.5CVSS7AI score0.77801EPSS
Exploits1References1
OSV
OSV
added 2026/06/19 6:31 a.m.4 views

GHSA-XG3J-C7Q4-F9PH Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 6:31 a.m.7 views

Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/19 6:17 a.m.13 views

CVE-2026-10720

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS0.00208EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:57 a.m.7 views

CVE-2026-10720

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 4:57 a.m.12 views

EUVD-2026-37990

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 4:57 a.m.33 views

CVE-2026-10720 MicroCeph path traversal issue in the remote-import API

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 4:57 a.m.34 views

CVE-2026-10720

CVE-2026-10720 affects Canonical MicroCeph versions on squid and tentacle tracks. A path traversal in the remote-import API allows holders of a trusted cluster mTLS certificate or a join token to manipulate files inside the imported remote cluster confined at /var/snap/microceph, potentially caus...

5CVSS5.9AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
NVD
NVD
added 2026/06/18 8:16 p.m.15 views

CVE-2026-48983

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS0.00084EPSS
Exploits0References2
Rows per page
Query Builder