Lucene search
K

29728 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

RHEL 9 : firefox (RHSA-2026:2044)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2044 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8CVSS5.6AI score0.0057EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.4 views

RHEL 8 : firefox (RHSA-2026:2070)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2070 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8CVSS5.7AI score0.0057EPSS
Exploits0References28
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.9 views

Tanium Reputation 安全漏洞

Tanium Reputation is a threat intelligence integration engine developed by the American company Tanium. Tanium Reputation has a security vulnerability, which stems from improper access control practices...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References1
CNVD
CNVD
added 2026/02/05 12:0 a.m.4 views

Google Chrome Code Execution Vulnerability (CNVD-2026-10652)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from the V8 engine's lack of effective protection against concurrent access to shared resources, which can be exploited by an attacker to execute arbitrary code on...

6.8AI score0.00297EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 9:48 p.m.4 views

CVE-2026-25546

Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...

7.8CVSS6.4AI score0.00853EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/02/04 9:48 p.m.6 views

EUVD-2026-5327

Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...

7.8CVSS6.4AI score0.00853EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/04 9:26 p.m.5 views

CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

9.8CVSS5.7AI score0.00889EPSS
Exploits1References5
OSV
OSV
added 2026/02/04 9:26 p.m.6 views

CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

9.8CVSS5.7AI score0.00889EPSS
Exploits1References7
NVD
NVD
added 2026/02/04 5:16 p.m.6 views

CVE-2026-20056

A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...

4CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/04 4:11 p.m.28 views

CVE-2026-20056 Cisco Secure Web Appliance TBD Bypass Vulnerability

A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...

4CVSS0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/04 4:11 p.m.6 views

EUVD-2026-5425

A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...

4CVSS5.6AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2026/02/04 4:4 p.m.4 views

CVE-2025-71195 dmaengine: xilinx: xdma: Fix regmap max_register

In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap maxregister The maxregister field is assigned the size of the register memory region instead of the offset of the last register. The result is that reading from the regmap via debugfs can cause...

5.2AI score0.00168EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/02/04 2:13 p.m.173 views

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

Detections for the CVE-2026-21509 vulnerability in MS Office...

8.8CVSS5.5AI score0.96843EPSS
Exploits49
Snyk
Snyk
added 2026/02/04 7:2 a.m.3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview directorytree/imapengine is a fully-featured IMAP library -- without the PHP extension. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to...

7.6CVSS5.7AI score0.00351EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 12:30 a.m.6 views

EUVD-2026-5155

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...

9.3CVSS5.3AI score0.00494EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2026/02/04 12:0 a.m.158 views

Docker Desktop 4.44.3 - Unauthenticated API Exposure

Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure Date: 2025-10-06 Exploit Author: OilSeller2001 Vendor Homepage: https://www.docker.com/ Software Link: https://www.docker.com/products/docker-desktop/ Version: Affected on Windows and macOS versions prior to 4.44.3 Tested on:...

9.3CVSS5.6AI score0.01594EPSS
Exploits15
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.4 views

PT-2026-6079

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Secure Web Appliance affected versions not specified Description A flaw in the Dynamic Vectoring and Streaming DVS Engine implementation may allow a remote, unauthenticated attacker to circumvent the anti-malwa...

4CVSS5.5AI score0.0014EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.6 views

Cisco Secure Web Appliance 安全漏洞

Cisco Secure Web Appliance is an application developed by the American company Cisco. It is used to protect websites. There is a security vulnerability in Cisco Secure Web Appliance, which stems from the dynamic vector and stream engine’s improper handling of certain archive files. This...

4CVSS5.8AI score0.0014EPSS
Exploits0References2
NVD
NVD
added 2026/02/03 10:16 p.m.5 views

CVE-2026-1341

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...

9.3CVSS0.00494EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 9:26 p.m.30 views

CVE-2026-1341 Missing Authentication for Critical Function in Avation Light Engine Pro

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...

9.3CVSS0.00494EPSS
Exploits0References3
Rows per page
Query Builder