Lucene search
+L

36012 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54929

Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description A stack-based buffer overflow occurs in the f getlabel function. This issue arises because the exFAT label length XDIR NumLabel is trusted without enforcing the maximum limits defined by the...

7.6CVSS6.4AI score0.00232EPSS
Exploits2References8
CVE
CVE
added 2026/06/30 10:37 p.m.19 views

CVE-2026-13844

CVE-2026-13844 describes a use-after-free flaw in the Google Chrome Updater on Windows, before version 150.0.7871.47, enabling a local attacker to achieve OS-level privilege escalation via a malicious file. Affected software: Google Chrome and its Updater components on Windows. Root cause: use-af...

7.8CVSS5.8AI score0.00109EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/30 5:21 p.m.9 views

Low: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7.5CVSS5.9AI score0.02298EPSS
Exploits1References2
NVD
NVD
added 2026/06/30 5:16 p.m.13 views

CVE-2026-10654

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS0.00128EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/30 4:29 p.m.9 views

CVE-2026-10654 RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS5.8AI score0.00128EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/30 12:26 p.m.20 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.27 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

8.7CVSS5.8AI score0.01041EPSS
Exploits1References3
Akamai Blog
Akamai Blog
added 2026/06/30 9:0 a.m.5 views

Moving Forward Responsibly: Our 2025 Impact Report

...

5.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/30 8:2 a.m.12 views

Global Buffer Overflow in GNU gzip

...

7.5CVSS5.8AI score0.00294EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/30 7:49 a.m.16 views

CVE-2026-55276

A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/30 5:53 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details...

9.8CVSS7.1AI score0.00864EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/30 1:44 a.m.25 views

SUSE CVE-2026-48802

unknown...

7.5CVSS5.7AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.4 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 5:47 p.m.12 views

Important: Red Hat Security Advisory: Kiali 2.22.6 for Red Hat OpenShift Service Mesh 3.3

Kiali 2.22.6 for Red Hat OpenShift Service Mesh 3.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.6CVSS6.8AI score0.01041EPSS
Exploits8References14
RedHat Linux
RedHat Linux
added 2026/06/29 4:36 p.m.18 views

Important: Red Hat Security Advisory: Kiali 2.4.19 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.19 for Red Hat OpenShift Service Mesh 3.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.6CVSS6.8AI score0.01041EPSS
Exploits8References13
NVD
NVD
added 2026/06/29 3:16 p.m.13 views

CVE-2026-55844

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to ...

7.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.33 views

CVE-2026-57335 WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...

6.5CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.14 views

CVE-2026-57328

CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS6AI score0.00401EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-381 Langroid has a Code Injection vulnerability in TableChatAgent

Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...

9.8CVSS5.8AI score0.00741EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 5:48 a.m.8 views

BIT-NODE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.02486EPSS
Exploits0References15
Rows per page
Query Builder