Lucene search
K

770 matches found

OSV
OSV
added 2026/02/26 12:27 a.m.9 views

CVE-2026-27840 ZITADEL's truncated opaque tokens are still valid

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

4.3CVSS5.6AI score0.00142EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/26 12:5 a.m.21 views

CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

7.2CVSS0.00301EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.6 views

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP po...

6.3CVSS5.6AI score0.00388EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 11:4 a.m.5 views

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

4.6CVSS5.5AI score0.00162EPSS
Exploits0References4Affected Software1
Microsoft Security Update
Microsoft Security Update
added 2026/02/10 10:0 a.m.8 views

2026-02 .NET 10.0.3 Security Update for x86 Client (KB5077862)

2026-02 .NET 10.0.3 Security Update for x86 Client KB5077862...

5.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/10 9:11 a.m.4 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/10 7:49 a.m.12 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
NVD
NVD
added 2026/02/04 9:15 p.m.6 views

CVE-2025-13375

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

9.8CVSS0.00506EPSS
Exploits0References1
CVE
CVE
added 2026/02/04 8:31 p.m.16 views

CVE-2025-13375

IBM Common Cryptographic Architecture (CCA) versions affected: 7.5.52 and 8.4.82. The Red Hat/IBM bulletin and NVD entries indicate an unauthenticated user could execute arbitrary commands with elevated privileges on systems running these CCA releases. Affected platforms include IBM AIX, IBM i, I...

9.8CVSS5.8AI score0.00506EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:6 p.m.5 views

CVE-2026-24762

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material access key, secret key, session token to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...

6.9CVSS5.3AI score0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/30 11:5 a.m.4 views

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

9.5CVSS6AI score0.0144EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/29 12:48 a.m.3 views

CGA-HP42-XC84-GHF7

Bulletin has no description...

6.5CVSS6.6AI score0.02587EPSS
Exploits1
OSV
OSV
added 2026/01/29 12:47 a.m.2 views

CGA-83HM-F2HW-QMMG

Bulletin has no description...

4.3CVSS5.8AI score0.01686EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/29 12:0 a.m.12 views

A Systematic Literature Review on LLM Defenses against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy

The rapid advancement and widespread adoption of generative artificial intelligence GenAI and large language models LLMs has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.6 views

CVE-2026-0782

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

8.8CVSS6.5AI score0.0148EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/22 4:51 p.m.6 views

EUVD-2026-4086

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...

5.4AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-3897

AP180 series with firmware versions prior to AP RGOS 11.94B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices...

8.6CVSS7.3AI score0.0154EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/01/21 8:55 a.m.9 views

VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code

The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence AI model. That's according to new findings from Check Point Research, which identified operational security blunder...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/16 8:18 p.m.5 views

CVE-2025-59960

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service jdhcpd of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service DoS on the downstream DHCP...

7.4CVSS6.7AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/01/16 4:14 p.m.19 views

CVE-2026-22782

RustFS (RustFS) vulnerability CVE-2026-22782: an invalid RPC signature path in crates/ecstore/src/rpc/http_auth.rs logs the shared HMAC secret and the expected_signature for any invalidly signed request, exposing the secret to log readers and enabling forged RPC calls. Affected versions are 1.0.0...

7.5CVSS6.2AI score0.00472EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder