Lucene search
K

29429 matches found

Cvelist
Cvelist
added 2026/06/30 7:14 p.m.47 views

CVE-2026-7871 Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/30 5:17 p.m.3 views

Security Bulletin: IBM WebSphere eXtreme Scale is affected by Insecure Deserilization

Summary IBM WebSphere eXtreme Scale is affected by Insecure Deserilization of untrusted data CVE-2026-13759 Vulnerability Details CVEID:CVE-2026-13759 DESCRIPTION: WebSphere eXtreme Scale ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream,...

8.8CVSS6.2AI score0.00303EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/30 3:47 p.m.4 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
NVD
NVD
added 2026/06/30 10:16 a.m.14 views

CVE-2026-10763

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server...

7CVSS0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 9:37 a.m.31 views

CVE-2026-10763

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server...

7CVSS0.00347EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 9:37 a.m.9 views

EUVD-2026-40275

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server...

7CVSS5.8AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53829

Name of the Vulnerable Software and Affected Versions PROMOD V affected versions not specified Description PROMOD V uses insecure HTTP communication instead of HTTPS. This issue occurs because the third-party Digipede server does not support HTTPS, which allows data to be transmitted without...

7CVSS5.9AI score0.00347EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54077

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Updater component on Windows allows a local attacker to achieve OS-level privilege escalation by using a malicious file. Recommendations Update...

9.6CVSS5.9AI score0.00413EPSS
Exploits0References441
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54136

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in ANGLE, a compatibility layer that allows OpenGL ES APIs to run on non-native platforms, could allow a remote attacker to perform a sandbox escape. Thi...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 7:50 p.m.5 views

Security Bulletin: Insecure Deserialization in Redis Cache Backend

Summary A deserialization vulnerability was identified in the Redis cache service that could allow attackers with network access to the Redis instance to execute arbitrary code. The cache service used dill.loads to deserialize cached values without integrity verification, enabling attackers to...

9.8CVSS6.2AI score0.00386EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/29 7:29 p.m.5 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-57948

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS0.00126EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 p.m.9 views

CVE-2026-56780

Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...

7.7CVSS0.00265EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 5:19 p.m.35 views

CVE-2026-57948 Pinpoint - Insecure Session Cookie Attributes in pinpointJwt

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 5:19 p.m.6 views

CVE-2026-57948 Pinpoint - Insecure Session Cookie Attributes in pinpointJwt

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:19 p.m.15 views

CVE-2026-57948

Pinpoint (through version 3.1.0) has an insecure session management vulnerability where the pinpointJwt cookie lacks HttpOnly and Secure attributes. This allows JavaScript access via document.cookie and cleartext transmission over HTTP, enabling potential exfiltration of the session token via sto...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 5:19 p.m.8 views

EUVD-2026-40165

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:14 p.m.34 views

CVE-2026-56780 Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API

Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...

7.7CVSS0.00265EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:14 p.m.6 views

EUVD-2026-40155

Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:14 p.m.10 views

CVE-2026-56780

Modoboa prior to version 2.9.0 contains an insecure direct object reference in the PUT /api/v1/accounts/{pk}/password/ API. This flaw allows domain administrators to bypass object‑level access controls and change any user’s password, enabling full account takeover by resetting superadmin password...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References3
Rows per page
Query Builder