Lucene search
K

1080 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-55212

Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, the Studio API class definition creation endpoint POST /pimcore-studio/api/class/definition/configuration-view/detail/create is guarded by the objects permission instead of the classes permission,...

7.1CVSS0.00199EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-432 OpenStack Nova logs sensitive context from notification exceptions

An issue was discovered in exceptionwrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens...

9.8CVSS5.8AI score0.02283EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.10 views

CVE-2026-54269

A flaw was found in protobufjs, a JavaScript JS library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lea...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Automated Logic WebCTRL Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8CVSS5.7AI score0.00291EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 9:37 a.m.2 views

SUSE-SU-2026:22158-1 Security update for python-ecdsa

This update for python-ecdsa fixes the following issue: - CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions bsc1261009...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References3
OSV
OSV
added 2026/06/18 9:36 a.m.2 views

OPENSUSE-SU-2026:21078-1 Security update for python-ecdsa

This update for python-ecdsa fixes the following issue: - CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions bsc1261009...

5.3CVSS5.7AI score0.00476EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.16 views

EulerOS Virtualization 2.13.0 : pyOpenSSL (EulerOS-SA-2026-2414)

According to the versions of the pyOpenSSL packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user...

6.3CVSS5.4AI score0.00241EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48686

Name of the Vulnerable Software and Affected Versions joi versions prior to 17.13.4 joi versions prior to 18.2.1 Description A denial of service can occur in services that validate user-supplied JSON or object input using recursive link schemas. When the validate function is called without a...

5.3CVSS5.5AI score0.00039EPSS
Exploits0References8
OSV
OSV
added 2026/06/09 3:59 p.m.11 views

MAL-2026-5396 Malicious code in @sqlite-node/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6f2c4e3192b71fc68681fbb8c8216a5e581e9f2baaa13954172249a8ddf5b6 The package advertises itself as a SQLite toolkit but ships no SQLite functionality. Its main entry index.js is a single heavily obfuscated module...

6.1AI score
Exploits0References17
Hacker One
Hacker One
added 2026/06/04 1:45 a.m.32 views

Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions

Summary The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...

7.5CVSS6.1AI score0.01056EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

HCL iControl 安全漏洞

HCL iControl is an IT infrastructure monitoring and automation platform developed by HCL Company in India. Version 4.0.0 of HCL iControl contains a security vulnerability. This vulnerability arises from unhandled exceptions, which lead to stack trace leaks. It occurs due to accessing the properti...

4.3CVSS5.3AI score0.00157EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.14 views

pyOpenSSL 0.14.x < 26.0.0 Security Bypass

The version of pyOpenSSL installed on the remote host is prior to 26.0.0. It is, therefore, affected by a security bypass vulnerability: - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to...

6.3CVSS5.5AI score0.00241EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. Versions 2.9.8, 2.9.10, and 2.9.11 of Suprema BioStar contain...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fixed the lockup issue in dmexceptiontableexit. A lockup was reported when exiting a snapshot with many exceptions. This issue has been fixed by adding “condresched” to the loop that frees the exceptions...

5.5CVSS5.8AI score0.0018EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:44 a.m.17 views

Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

5.8AI score
Exploits0References6
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Modsecurity 数字错误漏洞

Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity from 3.0.0 to 3.0.15 contained a numerical error vulnerability. This vulnerability stemmed from an unsigned integer underflow, which led to unhandled exceptions and could...

8.2CVSS5.8AI score0.00396EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

multiparty 安全漏洞

multiparty is a Node.js module developed by pillarjs for parsing HTTP multipart/form-data requests. Versions of multiparty 4.2.3 and earlier contain security vulnerabilities; these vulnerabilities stem from unhandled exceptions, which may lead to denial-of-service attacks...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

multiparty 安全漏洞

multiparty is a Node.js module developed by pillarjs for parsing HTTP multipart/form-data requests. Versions of multiparty 4.2.3 and earlier contain security vulnerabilities; these vulnerabilities stem from unhandled exceptions, which may lead to denial-of-service attacks...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:36 p.m.6 views

CVE-2026-44226

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

5.3CVSS5.8AI score0.00336EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 10:20 p.m.9 views

ciguard: Web UI is missing HTTP defence-in-depth headers

Summary ciguard's FastAPI Web UI src/ciguard/web/app.py does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy Medium, X-Frame-Options Medium, Sub-Resource-Integrity on /api/docs Medium, COOP / COEP / CORP Low, Permissions-Policy Low...

5.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder