Lucene search
K

13522 matches found

RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.11 views

CVE-2026-47244

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.9 views

CVE-2026-50011

A flaw was found in Netty, a network application framework. The RedisArrayAggregator component pre-allocates memory based on the declared element count in a Redis array header. A remote attacker can exploit this by sending a small, malicious Redis array header that claims a huge initial capacity,...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.8 views

CVE-2026-45832

A flaw was found in ChromaDB. All V1 collection-level endpoints in the Python project pass null values for tenant and database to the authorization layer. This allows a remote attacker to bypass authorization controls by utilizing these V1 endpoints. The primary consequence is unauthorized access...

8.8CVSS5.3AI score0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49231

Name of the Vulnerable Software and Affected Versions Cornerstone versions prior to 7.8.8 Description A flaw allows a user with subscriber privileges to achieve arbitrary code execution, which is the ability to run unauthorized commands or code on the host system. Recommendations Update to versio...

8.5CVSS5.6AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49232

Name of the Vulnerable Software and Affected Versions GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32.7 Description An unauthenticated SQL Injection exists in the GPTranslate plugin for WordPress. This allows an attacker to execute arbitrary SQL queries on the...

9.3CVSS6.1AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49187

Name of the Vulnerable Software and Affected Versions OttoKit versions prior to 1.1.28 Description Unauthenticated PHP Object Injection occurs in the software. PHP Object Injection is a vulnerability that allows an attacker to pass malicious serialized objects into the application, which can lead...

9.8CVSS6AI score0.00383EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49380

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS5.3AI score0.00428EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.11 views

PT-2026-49117

Name of the Vulnerable Software and Affected Versions Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms versions prior to 1.1.2 Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input i...

9.8CVSS5.8AI score0.00476EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.11 views

PT-2026-49116

Name of the Vulnerable Software and Affected Versions Shared Files versions prior to 1.7.65 Description An unauthenticated path traversal issue exists, allowing an attacker to access files and directories outside the intended folder on the server. Recommendations Update to a version newer than...

7.5CVSS5.2AI score0.00326EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.10 views

PT-2026-49107

Name of the Vulnerable Software and Affected Versions WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions prior to 1.1.5 Description An unauthenticated PHP Object Injection issue exists in the plugin. PHP Object Injection occurs when user-supplied input is...

9.8CVSS5.8AI score0.00476EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.14 views

PT-2026-49143

Name of the Vulnerable Software and Affected Versions WP Go Maps versions prior to 10.0.10 Description The plugin fails to properly enforce the marker approval filter on the admin-ajax fallback for its datatables route. This allows unauthenticated visitors to retrieve marker records that the site...

5.2AI score0.00192EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 12:42 p.m.7 views

MAL-2026-5643 Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:42 p.m.14 views

Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

5.5AI score
Exploits0References2
ICS
ICS
added 2026/06/11 6:0 a.m.34 views

Naxclow IoT Platform

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

5.7AI score
Exploits0References13
EUVD
EUVD
added 2026/06/11 12:32 a.m.15 views

EUVD-2026-36148

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...

8.5CVSS5.5AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.12 views

EUVD-2026-36149

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

8.6CVSS5.7AI score0.01193EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 9:1 p.m.39 views

CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

8.6CVSS5.7AI score0.01193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:1 p.m.11 views

CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...

8.5CVSS5.5AI score0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:54 p.m.7 views

CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing

A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama,...

6.9CVSS5.5AI score0.00192EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:54 p.m.33 views

CVE-2026-0269

CVE-2026-0269 describes a memory corruption vulnerability in the tunnel traffic processing path of Palo Alto Networks PAN-OS software. An authenticated user can trigger system reboots by sending a maliciously crafted packet, and repeated attempts may cause the firewall to enter maintenance mode. ...

6.9CVSS5.5AI score0.00192EPSS
Exploits0References1
Rows per page
Query Builder