76 matches found

OSV
added 2026/06/24 10:08 a.m., 9 views

RHSA-2026:28740 Red Hat Security Advisory: kpatch-patch-5_14_0-570_116_1, kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, kpatch-patch-5_14_0-570_66_1, and kpatch-patch-5_14_0-570_94_1 security update

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.00563
Exploits 0 | References 8
OSV
added 2026/06/24 10:08 a.m., 7 views

RHSA-2026:28738 Red Hat Security Advisory: kpatch-patch-5_14_0-427_100_1, kpatch-patch-5_14_0-427_113_1, kpatch-patch-5_14_0-427_126_1, kpatch-patch-5_14_0-427_68_2, and kpatch-patch-5_14_0-427_84_1 security update

Bulletin has no description...

CVSS 8.8 | AI score 5.8 | EPSS 0.00563
Exploits 0 | References 8
Debian CVE
added 2026/06/23 9:00 p.m., 4 views

CVE-2026-50193

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if and only if the service reads deeply nested 1000s of levels JSON as JsonNode...

CVSS 7.5 | AI score 5.8 | EPSS 0.00616
Exploits 1
Positive Technologies
added 2026/06/23 12:00 a.m., 12 views

PT-2026-51594

Name of the Vulnerable Software and Affected Versions: jackson-databind versions 2.13.0 through 2.13.x
Description: A potential Denial-of-Service exists when a service reads deeply nested JSON thousands of levels as a JsonNode using the readTree function of ObjectMapper and subsequently writes that...

CVSS 7.5 | AI score 5.9 | EPSS 0.00616
Exploits 1 | References 12
Cvelist
added 2026/06/15 11:44 a.m., 33 views

CVE-2026-5482 Remote Code Execution via Unrestricted File Upload in Responsive FileManager

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

CVSS 9.3 | EPSS 0.00445
Exploits 0 | References 2
CVE
added 2026/06/15 11:44 a.m., 33 views

CVE-2026-5482

Responsive FileManager (unmaintained at CVE assignment) contains an unauthenticated unrestricted file upload flaw via the dialog.php endpoint in the latest release 9.14.0, enabling Remote Code Execution. Affected component: file upload handling/dialog.php. Impact reported as Remote Code Execution...

CVSS 9.3 | AI score 5.5 | EPSS 0.00445
Exploits 0 | References 2
Positive Technologies
added 2026/06/15 12:00 a.m., 13 views

PT-2026-49203

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

CVSS 9.3 | AI score 5.4 | EPSS 0.00445
Exploits 0 | References 3
Snyk
added 2026/06/10 11:12 p.m., 11 views

Uncontrolled Recursion

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 6.8 | AI score 5.3 | EPSS 0.00107
Exploits 0 | References 2
Snyk
added 2026/06/10 11:12 p.m., 5 views

Out-of-bounds Write

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

CVSS 6.8 | AI score 5.5 | EPSS 0.00103
Exploits 0 | References 2
RedhatCVE
added 2026/06/05 7:36 p.m., 10 views

CVE-2026-41149

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious HTML through the classDef directive in Mermaid state diagrams. This allows for Document Object Model (DOM) injection, which escapes the Scalable...

CVSS 5.4 | AI score 5.4 | EPSS 0.00401
Exploits 0 | References 6
NVD
added 2026/05/28 2:16 p.m., 15 views

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

CVSS 8 | EPSS 0.00334
Exploits 0 | References 2
OSV
added 2026/05/21 8:07 a.m., 18 views

CLEANSTART-2026-PL75416 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 4.14.0-r0

Multiple security vulnerabilities affect the metacontroller package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 | AI score 5.8 | EPSS 0.00813
Exploits 0 | References 17
OSV
added 2026/05/11 2:42 p.m., 3 views

GHSA-Q8W6-W55C-CCV5 Keylime has a hardcoded attestation challenge nonce that allows replay attacks

CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks
Impact: The CertificationParameters.generatechallenge method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay...

CVSS 6.3 | AI score 5.8 | EPSS 0.00121
Exploits 0 | References 5
Cvelist
added 2026/04/07 6:52 p.m., 15 views

CVE-2026-39351 Frappe allows unrestricted Doctype access via API exploit

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit...

CVSS 6.9 | EPSS 0.00258
Exploits 0 | References 1
Positive Technologies
added 2026/04/07 12:00 a.m., 8 views

PT-2026-30922

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk update. This vulnerability is fixed in 16.14.0 and 15.104.0...

CVSS 9.3 | AI score 5.9 | EPSS 0.0026
Exploits 0 | References 2
Circl
added 2026/03/31 1:17 p.m., 4 views

CVE-2024-14030

creationtimestamp | type | source
---|---|---
2026-03-31 13:17:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mieb7dtnjm2t
2026-03-31 17:46:53+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mieqarh5eb2a...

CVSS 8.1 | AI score 7.7 | EPSS 0.00355
Exploits 0 | References 2
Packet Storm
added 2026/03/06 12:00 a.m., 205 views

OpenStack Remote Code Execution

A remote code execution vulnerability exists in the query parser of OpenStack Vitrage prior to versions 12.0.1, 13.0.0, 14.0.0, and 15.0.0. The issue resides in the createqueryfunction method...

CVSS 9.1 | AI score 6.3 | EPSS 0.00763
Exploits 2
Positive Technologies
added 2026/01/20 12:00 a.m., 10 views

PT-2026-3637

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

AI score 5.7 | EPSS 0.00183
Exploits 2 | References 3
CVE
added 2026/01/08 2:32 p.m., 19 views

CVE-2026-22032

Directus before v11.14.0 has an open redirect in the SAML authentication callback endpoint. The RelayState used to preserve the original destination is not validated for the callback, enabling an attacker to redirect users to an arbitrary external URL after login completion. The issue affects bot...

CVSS 6.1 | AI score 7.2 | EPSS 0.00196
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2025/12/24 12:00 a.m., 13 views

PT-2025-53039

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.14.0 78...

CVSS 7.8 | AI score 6.6 | EPSS 0.00465
Exploits 2 | References 894