Lucene search
+L

36010 matches found

CVE
CVE
added 2026/07/08 8:46 p.m.91 views

CVE-2026-11827

Summary: GitLab EE fixed an issue where an authenticated user with maintainer permissions could obtain another user’s stored credentials due to improper authorization controls. Affected versions (before patches): GitLab EE 9.5 up to 18.11.7, 19.0 up to 19.0.4, and 19.1 up to 19.1.2. Root cause (a...

4.9CVSS6AI score0.00255EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/08 2:55 p.m.6 views

EUVD-2026-42275

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/08 2:37 p.m.5 views

Moderate: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.5CVSS6.6AI score0.00502EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/07/08 1:9 p.m.5 views

Moderate: Red Hat Security Advisory: gstreamer1-plugins-ugly-free security update

An update for gstreamer1-plugins-ugly-free is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.1CVSS6AI score0.00228EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.6 views

Juniper Junos OS Vulnerability (JSA110078)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA110078 advisory. - An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacke...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:11 p.m.7 views

CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/07 4:54 p.m.5 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.4AI score0.0032EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 2:33 p.m.6 views

Moderate: Red Hat Security Advisory: freeipmi security update

An update for freeipmi is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS6.3AI score0.00405EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/07 6:39 a.m.3 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

5.3CVSS5.9AI score0.00261EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/07 6:33 a.m.3 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

7.5CVSS5.9AI score0.00326EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 4:18 p.m.5 views

BIT-TOMCAT-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0 through 11.0.4, from 10.1.0 through...

7.3CVSS6AI score0.00462EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.9 views

nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS7AI score0.02486EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 11:16 a.m.11 views

CVE-2026-4249

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 10:16 a.m.39 views

CVE-2026-4249 Denial of Service via Malicious JSON Payloads in Throttling Events in Multiple WSO2 Products Causing Persistent Service Disruption

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:2 a.m.14 views

CVE-2026-46584

CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...

3.7CVSS6AI score0.00378EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.7 views

nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS5.9AI score0.02486EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.6 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2012-0501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and...

5CVSS6.9AI score0.03588EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/07/04 2:16 a.m.9 views

SUSE CVE-2026-49852

unknown...

5.9AI score
Exploits0References3
EUVD
EUVD
added 2026/07/03 8:35 p.m.8 views

EUVD-2026-41589

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00438EPSS
Exploits0References1
Rows per page
Query Builder