Lucene search
K

258 matches found

EUVD
EUVD
โ€ขadded 3 days agoโ€ข8 views

EUVD-2026-41545

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileg...

5.5CVSS6AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
โ€ขadded 2026/06/24 1:20 p.m.โ€ข9 views

EUVD-2026-38772

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
โ€ขadded 2026/06/12 6:24 p.m.โ€ข34 views

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host networkโ€™s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS0.00171EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2026/06/11 12:2 p.m.โ€ข7 views

MAL-2026-5649 Malicious code in bibip-bip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2b153c90d83d4653660dd79a5a0935af85bd804fd98163c42995403bca240a6 pyproject.toml declares a PEP 517 build requirement that points to an arbitrary tarball hosted on webhook.site, an anonymous request-inspection /...

6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/09 12:0 a.m.โ€ข21 views

PT-2026-48313

Name of the Vulnerable Software and Affected Versions Spring Data Relational/JDBC/R2DBC versions 4.0.0 through 4.0.5 Spring Data Relational/JDBC/R2DBC versions 3.5.0 through 3.5.11 Spring Data Relational/JDBC/R2DBC versions 3.4.0 through 3.4.14 Spring Data Relational/JDBC/R2DBC versions 3.3.0...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References3
Snyk
Snyk
โ€ขadded 2026/06/02 12:25 p.m.โ€ข9 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.apache.calcite:calcite-core is a Core Calcite APIs and engine. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via user-controled models. An attacker can achieve arbitrary code execution by supplying...

6.9CVSS6.2AI score0.00436EPSS
Exploits0References2
NVD
NVD
โ€ขadded 2026/06/02 10:16 a.m.โ€ข12 views

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

6.5CVSS0.00436EPSS
Exploits0References2
Snyk
Snyk
โ€ขadded 2026/05/21 1:56 p.m.โ€ข11 views

Externally Controlled Reference to a Resource in Another Sphere

Overview Affected versions of this package are vulnerable to Externally Controlled Reference to a Resource in Another Sphere via the Build resource creation. An attacker can gain unauthorized control over pod generation in arbitrary Kubernetes namespaces, including the operator namespace, by...

8.6CVSS5.9AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
โ€ขadded 2026/05/14 3:23 p.m.โ€ข9 views

Use of Externally-Controlled Format String

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Format String in the timeofday function when processing crafted timezone zones. An attacker can access portions of server memory by supplying specially crafted input to the timeofday function. Remediation...

5.3CVSS5.8AI score0.00208EPSS
Exploits0References2
Debian CVE
Debian CVE
โ€ขadded 2026/05/14 1:0 p.m.โ€ข9 views

CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0
EUVD
EUVD
โ€ขadded 2026/05/11 9:30 a.m.โ€ข9 views

EUVD-2026-29037

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

7.8CVSS5.8AI score0.92766EPSS
Exploits20References4
NVD
NVD
โ€ขadded 2026/05/11 8:16 a.m.โ€ข40 views

CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

7.8CVSS0.92766EPSS
Exploits20References9
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/05/11 6:26 a.m.โ€ข5 views

CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

7.8CVSS5.8AI score0.92766EPSS
Exploits20References6Affected Software1
CVE
CVE
โ€ขadded 2026/05/11 6:26 a.m.โ€ข170 views

CVE-2026-43500

Summary: CVE-2026-43500 affects the Linux kernel RXRPC path for DATA/RESPONSE packets. The issue occurs when skb fragments are externally owned (e.g., via splice() or frag lists) and the code path decrypts in place, binding frag pages into the AEAD/skcipher SGL. The fix extends the gate to unshar...

7.8CVSS5.8AI score0.92766EPSS
In wildExploits20References9Affected Software1
VulnCheck KEV
VulnCheck KEV
โ€ขadded 2026/05/11 12:0 a.m.โ€ข112 views

VulnCheck KEV: CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

7.8CVSS5.8AI score0.92766EPSS
In wildExploits20References2
EUVD
EUVD
โ€ขadded 2026/05/08 12:31 a.m.โ€ข10 views

EUVD-2026-28452

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS5.8AI score0.00638EPSS
Exploits0References2
NVD
NVD
โ€ขadded 2026/05/07 10:16 p.m.โ€ข19 views

CVE-2026-34327

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS0.00638EPSS
Exploits0References1
Positive Technologies
Positive Technologies
โ€ขadded 2026/05/07 12:0 a.m.โ€ข9 views

PT-2026-38581

Name of the Vulnerable Software and Affected Versions Microsoft Partner Center affected versions not specified Description An externally controlled reference to a resource in another sphere allows an unauthorized attacker to perform spoofing over a network. Recommendations At the moment, there is...

8.2CVSS5.8AI score0.00638EPSS
Exploits0References6
Snyk
Snyk
โ€ขadded 2026/05/06 5:54 p.m.โ€ข11 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the condition process. An attacker can execute arbitrary commands on the server by injecting malicious...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References2
PyPA
PyPA
โ€ขadded 2026/05/05 7:16 p.m.โ€ข13 views

PYSEC-2026-119

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder