Lucene search
K

1787 matches found

OSV
OSV
added 4 days ago1 views

CVE-2026-13236 AI Agents - Less critical - Access bypass - SA-CONTRIB-2026-056

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.2CVSS6.1AI score0.00142EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 9:54 a.m.18 views

CVE-2026-49297

Apache Airflow Google provider contains a path traversal flaw in GCSToSFTPOperator and GCSTimeSpanFileTransformOperator: GCS object names from bucket listings are joined to a destination path without normalisation or containment checks. A user with write access to a source GCS bucket could create...

8.1CVSS6.1AI score0.01058EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/07/03 2:16 p.m.12 views

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS0.00109EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 1:10 p.m.9 views

EUVD-2026-41544

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS6AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 1:10 p.m.36 views

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS0.00109EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 1:10 p.m.21 views

CVE-2026-46466

CVE-2026-46466 affects Dell PowerProtect Data Domain: 7.7.1.0–8.7; LTS2026: 8.6.1.0–8.6.1.10; LTS2025: 8.3.1.0–8.3.1.30; LTS2024: 7.13.1.0–7.13.1.70. The issue is a use of less trusted source vulnerability that could be exploited by a high-privileged attacker with remote access to cause informati...

2.7CVSS6AI score0.00109EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55541

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

2.7CVSS6AI score0.00109EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/16 2:8 p.m.7 views

NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.8 views

CVE-2026-5222 affecting package rust for versions less than 1.75.0-30

CVE-2026-5222 affecting package rust for versions less than 1.75.0-30. A patched version of the package is available...

6.5CVSS5.2AI score0.00328EPSS
Exploits0
Snyk
Snyk
added 2026/06/11 12:0 a.m.8 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

8.6CVSS5.4AI score0.00139EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41887

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

4.9CVSS5.5AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 11:53 p.m.19 views

CVE-2026-44573

A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization i18n configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...

7.5CVSS5.7AI score0.00592EPSS
Exploits1References4
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.11 views

CVE-2026-39834 affecting package nvidia-container-toolkit for versions less than 1.17.8-3

CVE-2026-39834 affecting package nvidia-container-toolkit for versions less than 1.17.8-3. A patched version of the package is available...

9.1CVSS5.8AI score0.00466EPSS
Exploits0
EUVD
EUVD
added 2026/05/26 5:7 p.m.15 views

EUVD-2026-31913

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Systemd

Before version 247, systemd does not properly prevent local privilege escalation for certain Sudo configurations. For example, plausible sudoers files may allow the execution of the “systemctl status” command. Specifically, systemd does not set LESSSECURE to 1, allowing other programs to be...

7.8CVSS6.6AI score0.01051EPSS
Exploits4References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox

The incorrect domain might have been displayed in the address bar during a interrupted navigation attempt. This could have caused confusion for users and potentially led to spoofing attacks. This vulnerability affects Firefox 133 and Thunderbird 133...

4.3CVSS5.1AI score0.00401EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Less

The value “less through 653” allows for OS command execution via a newline character in the file name, due to improper handling of quotes in the filename.c file. Exploitation typically requires the use of file names controlled by the attacker, such as those extracted from untrusted archives...

8.6CVSS7.2AI score0.00628EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5CVSS6.6AI score0.01576EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Less

Closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...

7.8CVSS6.6AI score0.01059EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fixed an out-of-bounds access on systems with CPU-less NUMA nodes. Currently, the loadmicrocodeamd function iterates over all NUMA nodes, retrieves their CPU masks, and accesses per-CPU data for the first CPU o...

7.8CVSS6.4AI score0.00195EPSS
Exploits0References2
Rows per page
Query Builder