Lucene search
K

2489 matches found

NVD
NVD
added 2026/06/25 5:16 a.m.15 views

CVE-2026-0934

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS0.00201EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 4:35 a.m.102 views

CVE-2026-0934

GitLab Enterprise Edition (GitLab EE) has remediated a privilege‑escalation issue affecting all releases prior to fixed patches: 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An authenticated user with custom role permissions could view, create, or delete protected environment ...

3.8CVSS5.9AI score0.00201EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:35 a.m.32 views

CVE-2026-0934 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS0.00201EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.11 views

GitLab 17.9 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-0934)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticate...

3.8CVSS5.9AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52554

Name of the Vulnerable Software and Affected Versions Podman versions 1.8.1 through 5.8.4 Description A malicious container image can trick Podman into leaking host environment variables into the container. This occurs when an image contains an Env entry consisting of a key without a value...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52194

Name of the Vulnerable Software and Affected Versions GitLab EE versions 17.9 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description An incorrect authorization issue exists where an authenticated user with custom role permissions can view, create...

3.8CVSS5.8AI score0.00201EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/06/24 4:30 p.m.6 views

CVE-2026-53113

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leaks in beacon template setup The functions ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid allocate memory for beacon templates but fail to free it when parameter setup returns an error. Since...

5.7AI score0.00159EPSS
Exploits0
CVE
CVE
added 2026/06/24 1:37 p.m.79 views

CVE-2026-12537

Summary (CVE-2026-12537) : The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...

10CVSS6.3AI score0.00134EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/06/24 5:17 a.m.5 views

UBUNTU-CVE-2026-9539

An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...

6.5CVSS5.9AI score0.00106EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51663

Name of the Vulnerable Software and Affected Versions libslirp versions prior to v4.9.2 Description An integer underflow and out-of-bounds heap read exist in the TCP urgent data handling sosendoob within hypervisor host environments, such as QEMU. A privileged guest VM attacker with root or CAP N...

6.5CVSS5.8AI score0.00106EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/20 4:43 p.m.11 views

EUVD-2026-38128

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS8.2AI score0.00874EPSS
Exploits3References1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.110 views

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

9.8CVSS7.9AI score0.93546EPSS
Exploits27References5
RedhatCVE
RedhatCVE
added 2026/06/16 6:39 a.m.6 views

CVE-2026-47137

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the require option can be...

10CVSS5.8AI score0.00382EPSS
Exploits0References8
Imperva Blog
Imperva Blog
added 2026/06/15 8:58 a.m.27 views

Best WAAP Solutions for Enterprise Application Security: How to Choose the Right Platform in 2026

Key Takeaways The major enterprise WAAP solutions evaluated in this guide are Akamai, Cloudflare, F5, Fastly, Fortinet, Imperva, and Radware. In the most recent independent benchmarks, Akamai, Cloudflare, and Imperva were named Leaders in the Forrester Wave: Web Application Firewall Solutions, Q1...

5.8AI score
Exploits0
Debian CVE
Debian CVE
added 2026/06/12 5:31 p.m.10 views

CVE-2026-44169

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.2AI score0.00161EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.26 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.11 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.2AI score0.00182EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/12 3:47 a.m.69 views

ethical-hacking-security-labs

Ethical Hacking & Network Security Lab Portfolio A hands-on...

10CVSS8AI score0.96184EPSS
Exploits32
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48912

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.2AI score0.00182EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/11 5:13 p.m.15 views

CVE-2026-49261

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.6AI score0.00998EPSS
Exploits0
Rows per page
Query Builder