Lucene search
K

18001 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5247 HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations in github.com/hashicorp/vault

HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations in github.com/hashicorp/vault...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 1:27 p.m.4 views

EUVD-2026-39394

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:27 p.m.20 views

CVE-2026-2815

The CVE affects Silicon Labs’ EFR32xG27 devices. Issue: Incorrect use of the PUF key for user key generation leads to predictable keys. This is tied to a CVSS 4.0 base score of 8.4 (HIGH) with adjacent access, low attack complexity, no authentication, and user interaction not required. The vulner...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 1:27 p.m.3 views

CVE-2026-2815 Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.9AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52258

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the memory control group memcg where the get random u32 below function is called during memcg charge draining, which can occur in the Non-Maskable Interrupt NMI contex...

7.8CVSS6AI score0.00136EPSS
Exploits0References17
OSV
OSV
added 2026/06/24 6:36 p.m.4 views

DRUPAL-CONTRIB-2026-053

This module enables you to use OpenAI as a provider for the AI module. The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery SSRF vulnerability. This vulnerability is mitigated by the fact that an attacker must have the access to change the host url...

3.3CVSS5.9AI score0.00161EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in gdk-pixbuf

A flaw was discovered in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5CVSS7.1AI score0.01069EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:1 p.m.5 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38740

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS6AI score0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.33 views

CVE-2026-56237 Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS0.00293EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 10:45 a.m.7 views

EUVD-2026-38735

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 10:45 a.m.2 views

CVE-2026-13150 SSRF in Pentestify PDF generation endpoint via Host header

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:45 a.m.6 views

CVE-2026-13150

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 10:45 a.m.36 views

CVE-2026-13150 SSRF in Pentestify PDF generation endpoint via Host header

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52936

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.5CVSS0.00114EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 8:16 a.m.3 views

UBUNTU-CVE-2026-52936

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.5CVSS5.6AI score0.00114EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.8 views

CVE-2026-52936

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.7AI score0.00114EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/24 7:14 a.m.4 views

CVE-2026-52936 crypto: jitterentropy - replace long-held spinlock with mutex

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 7:14 a.m.17 views

CVE-2026-52936

The CVE-2026-52936 vulnerability affects the Linux kernel’s jitterentropy path. Specifically, jent_kcapi_random() serialized the shared jitterentropy state while holding a spinlock during jent_read_entropy(), causing contention and stalls due to expensive entropy collection and SHA3 conditioning....

5.5CVSS5.8AI score0.00114EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.11 views

EUVD-2026-38706

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.8AI score0.00114EPSS
Exploits0References5
Rows per page
Query Builder