Lucene search
K

62793 matches found

AlpineLinux
AlpineLinux
added 4 days ago5 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.0025EPSS
Exploits0
CVE
CVE
added 4 days ago17 views

CVE-2026-8927

CVE-2026-8927 involves libcurl when reusing a handle for sequential transfers driven by environment-variable proxies. The root cause is failure to clear proxy authentication state between requests, causing a Digest-auth session authenticated to proxyA to leak the Proxy-Authorization header to pro...

9.1CVSS5.9AI score0.0025EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 4 days ago3 views

SUSE CVE-2026-54672

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS6.2AI score0.00129EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Fedora 45 : rust-fern / rust-ifcfg-devname / rust-routinator / rust-rpki / etc (2026-188f731254)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-188f731254 advisory. Update routinator to the latest, pulling in updated dependencies rpki and syslog, and switch fern to using syslog 7 instead of 6 for this update, an...

9.3CVSS6AI score0.00549EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8487-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8487-1 advisory. Andrew Nesbitt discovered that curl could reuse an existing live connecti...

9.8CVSS6.2AI score0.0025EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8497-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8497-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as...

9.8CVSS7.3AI score0.93235EPSS
Exploits61References322
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Ubuntu 26.04 LTS : Linux kernel (OEM) vulnerabilities (USN-8489-1)

"The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8489-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag....

9.8CVSS7.3AI score0.93235EPSS
Exploits62References166
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Ubuntu 24.04 LTS : Linux kernel (Xilinx) vulnerabilities (USN-8499-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8499-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

9.8CVSS7.3AI score0.96267EPSS
Exploits285References517
Packet Storm
Packet Storm
added 4 days ago29 views

📄 Cacti 1.2.30 Remote Code Execution

Cacti versions 1.2.30 and below authenticated remote code execution exploit that uses variable injection via graph rendering. Written in Python. ================================================================================================================================== | Title : Cacti ≤...

6.6AI score
Exploits0
Oracle linux
Oracle linux
added 4 days ago5 views

Unbreakable Enterprise kernel security update

5.15.0-322.203.3.2 - KVM: x86/mmu: Ensure hugepage is in by slot before checking max mapping level Sean Christopherson Orabug: 39673886 - KVM: x86: Fix shadow paging use-after-free due to unexpected role Paolo Bonzini Orabug: 39673886 - KVM: x86: Fix shadow paging use-after-free due to unexpected...

9.8CVSS7.3AI score0.00474EPSS
Exploits11
Packet Storm
Packet Storm
added 4 days ago29 views

📄 Cacti 1.2.30 Remote Code Execution

This Metasploit module is an authenticated remote code execution exploit for Cacti versions 1.2.30 and below. ================================================================================================================================== | Title : Cacti ≤ 1.2.30 Authenticated RCE via Host...

7.7AI score
Exploits2
Packet Storm
Packet Storm
added 4 days ago35 views

📄 Cockpit CMS 2.13.5 Cross Site Scripting / Account Takeover

Cockpit CMS versions 2.13.5 and below suffer from persistent cross site scripting and cross site request forgery vulnerabilities. CVE-2026-39275 - Stored XSS Leading to Account Takeover in Cockpit CMS Note: Responsibly disclosed to and patched by the Cockpit CMS maintainers prior to publication. ...

5.3AI score
Exploits0
OSV
OSV
added 5 days ago3 views

GHSA-JPHH-M39H-6GWX 9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass

Summary 9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...

9.8CVSS5.8AI score0.0019EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 5 days ago12 views

9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass

Summary 9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...

5.8AI score0.0019EPSS
Exploits1References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Genius Hub

Summary The following dependency packages are being used by IBM Db2 Genius Hub. flatted-3.3.3.tgz , axios-1.15.1.tgz, immutable-4.0.0-rc.12.tgz , lodash-4.17.23.tgz, jspdf-3.0.2.tgz , swiper-11.2.10.tgz , picomatch-2.3.1.tgz , axios-1.12.2.tgz , router-1.23.0.tgz , minimatch-10.2.1.tgz ,...

7.5CVSS5.9AI score0.00521EPSS
Exploits2Affected Software1
OSV
OSV
added 5 days ago4 views

GHSA-GG9X-QCX2-XMRH joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

Summary joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None. HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/rfc7518/jwsalgs.py:62-70 feed whatever OctKey.getopkey... produced into hmac.new..., and...

8.7CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 5 days ago8 views

joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

Summary joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None. HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/rfc7518/jwsalgs.py:62-70 feed whatever OctKey.getopkey... produced into hmac.new..., and...

5.9AI score0.00018EPSS
Exploits0References4Affected Software1
Wordfence Blog
Wordfence Blog
added 5 days ago10 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 22, 2026 to June 28, 2026)

Last week, there were 199 vulnerabilities disclosed in 169 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 111 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score
Exploits0
OSV
OSV
added 5 days ago3 views

GHSA-3RJW-M598-PQ24 Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set

Summary The aarch64 implementations of Cmov and CmovEq seem to assume that the high bits when loading a value of size smaller than a register into a register are zero-extended. However, this is not the case and these bits are unspecified. This can result in a left.cmovz&right, condition not movin...

6.9CVSS5.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 5 days ago11 views

Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set

Summary The aarch64 implementations of Cmov and CmovEq seem to assume that the high bits when loading a value of size smaller than a register into a register are zero-extended. However, this is not the case and these bits are unspecified. This can result in a left.cmovz&right, condition not movin...

5.5AI score
Exploits0References2Affected Software1
Rows per page
Query Builder