63 matches found

RedHat Linux
added 2026/06/22 3:51 p.m., 7 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.17 Images

Red Hat OpenShift Virtualization release v4.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

CVSS 7.7, AI score 5.8, EPSS 0.00515
Exploits 0, References 2

EUVD
added 2026/06/21 1:27 p.m., 8 views

EUVD-2026-38179

Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...

CVSS 5.3, AI score 5.9, EPSS 0.00221
Exploits 0, References 3

RedHat Linux
added 2026/06/08 12:54 p.m., 9 views

Important: Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release

The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

CVSS 7.5, AI score 6.8, EPSS 0.00651
Exploits 0, References 4

RedHat Linux
added 2026/06/08 12:54 p.m., 8 views

Important: Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release

The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

CVSS 8.9, AI score 6.4, EPSS 0.0068
Exploits 0, References 5

EUVD
added 2026/05/28 9:34 p.m., 11 views

EUVD-2026-33073

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

CVSS 7.3, AI score 5.8, EPSS 0.00295
Exploits 0, References 5

ATTACKERKB
added 2026/05/27 7:26 p.m., 8 views

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

CVSS 7.8, AI score 5.8, EPSS 0.0062
Exploits 0, References 2, Affected Software 1

RedHat Linux
added 2026/05/26 9:41 a.m., 10 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.17 Images

Red Hat OpenShift Virtualization release v4.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

CVSS 9.9, AI score 5.8, EPSS 0.00596
Exploits 0, References 2

RedHat Linux
added 2026/05/20 1:28 p.m., 21 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS 9.8, AI score 7.4, EPSS 0.0218
Exploits 2, References 12

RedHat Linux
added 2026/05/14 11:50 a.m., 15 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update. Fixed bugs: DFBUGS-6194: Backport to odf-4.17.24 ocs-operator should not use image gcr.io/kubebuilder/kube-rbac-proxy...

CVSS 9.8, AI score 5.8, EPSS 0.01735
Exploits 3, References 6

EUVD
added 2026/04/29 7:24 p.m., 8 views

EUVD-2018-21825

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...

CVSS 8.6, AI score 6, EPSS 0.00153
Exploits 0, References 3

RedHat Linux
added 2026/04/23 12:17 p.m., 10 views

Important: Red Hat Security Advisory: RHTAS 1.3.4 - Red Hat Trusted Artifact Signer Release

The 1.3.4 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

CVSS 9.8, AI score 7.1, EPSS 0.01735
Exploits 1, References 6

OSV
added 2026/04/21 3:21 p.m., 5 views

GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

CVSS 5.4, AI score 5.8, EPSS 0.00214
Exploits 0, References 5

CBLMariner
added 2026/04/21 1:37 a.m., 5 views

CVE-2026-27447 affecting package cups for versions less than 2.4.17-1

CVE-2026-27447 affecting package cups for versions less than 2.4.17-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.3, AI score 5.7, EPSS 0.00317
Exploits 1

OSV
added 2026/04/09 8:27 a.m., 5 views

SUSE-RU-2026:1228-1 Recommended update for shadow

This update for shadow fixes the following issues: shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41 introduced new variable: LOGINENVSAFELIST. Recognize it and update dependencies. - Set SYSUID,GIDMIN to 201: After repeated similar requests to change the ID...

CVSS 5.5, AI score 6.8, EPSS 0.00308
Exploits 0, References 17

NVD
added 2026/03/24 6:16 p.m., 3 views

CVE-2026-33160

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. T...

CVSS 6.9, EPSS 0.00355
Exploits 0, References 4

OSV
added 2026/03/24 5:28 p.m., 5 views

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted to trusted users

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

CVSS 6.9, AI score 5.8, EPSS 0.00308
Exploits 0, References 6

ATTACKERKB
added 2026/03/24 5:26 p.m., 2 views

CVE-2026-33158

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized...

CVSS 7.1, AI score 5.8, EPSS 0.00353
Exploits 0, References 5, Affected Software 1

Snyk
added 2026/03/24 4:53 p.m., 3 views

Authorization Bypass Through User-Controlled Key

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the assets/edit-image endpoint when processing the assetId parameter. An attacker can access unauthorized private asset contents by supplyi...

CVSS 7.1, AI score 5.9, EPSS 0.00353
Exploits 0, References 2

Positive Technologies
added 2026/03/12 12:0 a.m., 7 views

PT-2026-24927

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5, AI score 5.5, EPSS 0.00232
Exploits 0, References 5

NVD
added 2026/03/11 6:16 p.m., 4 views

CVE-2026-31857

Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

CVSS 9.3, EPSS 0.00665
Exploits 0, References 2