Lucene search
K

163 matches found

RedHat Linux
RedHat Linux
added 6 days ago5 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS6.1AI score0.21691EPSS
Exploits6References5
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-44546

A flaw was found in daphne. This vulnerability arises from a parser differential where daphne reconstructs HTTP requests from Twisted's headers, but Twisted and autobahn handle certain header line separators differently. An attacker can exploit this to inject additional headers into the ASGI...

5.3CVSS5.5AI score0.00172EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.11 views

Debian dsa-6334 : gir1.2-poppler-0.18 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6334 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6334-1 [email protected]...

8.6CVSS6.8AI score0.00252EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

Debian dla-4623 : libjackson2-core-java - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4623 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4623-1 [email protected]...

8.7CVSS7.2AI score0.00634EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/04 12:13 a.m.14 views

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...

4.8CVSS5.6AI score0.00222EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/28 3:51 p.m.26 views

USN-8339-1: OpenJDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-39919

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/09 12:56 a.m.12 views

CVE-2026-43453

A flaw was found in the Linux kernel's netfilter component, specifically within the nftsetpipapo module. The pipapodrop function performs a stack out-of-bounds read. This occurs when an argument is evaluated at the call site before the function body executes, leading to a read beyond the allocate...

7.1CVSS5.7AI score0.00126EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/07 5:29 p.m.7 views

pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image

A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure...

8.6CVSS7.8AI score0.00367EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/06 3:32 p.m.8 views

EUVD-2025-209697

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

6.5CVSS5.8AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-37635

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

3.7CVSS5.8AI score0.00153EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/05 9:22 a.m.17 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS5.6AI score0.00237EPSS
Exploits0References6
NVD
NVD
added 2026/04/28 3:16 p.m.7 views

CVE-2026-40969

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

5.3CVSS0.002EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 6:31 p.m.17 views

GHSA-2CXP-XQ3C-MJXX Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references. Original Description The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References5
OSV
OSV
added 2026/04/21 12:1 p.m.6 views

BIT-AIRFLOW-2026-30912 Apache Airflow: Exposing stack trace in case of constraint error

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

7.5CVSS5.8AI score0.00449EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.6 views

Debian dsa-6171 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6171 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6171-1 [email protected]...

8.8CVSS6.2AI score0.00415EPSS
Exploits1References55
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24198

Name of the Vulnerable Software and Affected Versions HCL Sametime for Android affected versions not specified Description HCL Sametime for Android has a flaw that leads to sensitive information disclosure. Hostnames are written into application logs and specific URLs. Recommendations At the...

3.3CVSS5.8AI score0.00131EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/05 3:30 p.m.6 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the HTMLParser component. An attacker can cause application crashes or potentially disclose information by submitting specially crafted, malformed HTML-like sequences in Markdown input. PoC python import markdown...

8.2CVSS5.8AI score0.00566EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 3:41 p.m.15 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.21 LTS and 12.21.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

9.8CVSS6.7AI score0.47621EPSS
Exploits8Affected Software1
Debian
Debian
added 2026/02/17 11:50 a.m.10 views

[SECURITY] [DLA 4480-1] roundcube security update

Debian LTS Advisory DLA-4480-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 17, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u7 CVE ID : CVE-2026-25916 CVE-2026-26079 Debian Bug : 1127447 Vulnerabilities were...

4.7CVSS6AI score0.00629EPSS
Exploits2
Rows per page
Query Builder