Lucene search
+L

1178 matches found

NVD
NVD
added yesterday6 views

CVE-2026-16103

A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...

4.3CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-16103

Keycloak CVE-2026-16103 affects the keycloak-services component. It describes an incomplete fix for CVE-2026-9798: brute-force protection checks were added to the CIBA initiation path but omitted from the token redemption path. As a result, an attacker with valid client credentials can obtain acc...

4.3CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:20 p.m.5 views

CVE-2026-34599

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...

8.8CVSS6.2AI score0.01385EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-53027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to t...

5.5CVSS6.1AI score0.00107EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 4:29 p.m.5 views

EUVD-2026-38913

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...

5.8AI score0.00521EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:29 p.m.14 views

CVE-2026-53045

CVE-2026-53045 concerns the Linux kernel memory subsystem, specifically the tegra124-emc component. The issue is that the check to determine whether DLL (Delay-Locked Loop) is enabled in the EMRS register was reversed: DLL is actually enabled when bit A0 is low. A fix to the check was applied in ...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 4:29 p.m.3 views

CVE-2026-53045 memory: tegra124-emc: Fix dll_change check

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the way RTAS handled memory accesses in user space for kernel communication. In a guest system that is under lockdown usually due to Secure Boot, running on top of PowerVM or KVM hypervisors pseries platform, a root-like local user could exploit this flaw to further...

7.2CVSS6.7AI score0.00501EPSS
Exploits1References1
Veracode
Veracode
added 2026/06/17 11:35 a.m.12 views

Authentication Bypass

Spring Web Services is vulnerable to Authentication Bypass. The vulnerability is due to X509AuthenticationProvider issuing a fully authenticated X509AuthenticationToken based solely on certificate-to-user mapping, without enforcing standard account status checks such as disabled, locked, expired,...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2026/06/09 7:0 a.m.6 views

Schneider Electric EasyLogic T150 and Saitel DP RTU

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

8.7CVSS6.5AI score0.0024EPSS
Exploits0References11
CVE
CVE
added 2026/06/08 3:46 p.m.36 views

CVE-2026-46293

CVE-2026-46293 : In the Linux kernel, the mpfs-ccc clock driver suffers an out-of-bounds access during output registration UBSAN reports. The hws array is allocated for two PLLs and four output dividers, but IDs include two DLLs and their outputs, which the driver does not support. The documented...

7.1CVSS5.4AI score0.00126EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/05 8:33 p.m.8 views

GHSA-H4MP-G9C6-XWPH Shopper: Missing authorization on Product admin Livewire sub-form components

Impact Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO metadata, shipping dimensions, and attached media witho...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-12624

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

6CVSS5.5AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-6341

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.4AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 4:16 p.m.9 views

CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:25 p.m.7 views

CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/03 3:25 p.m.13 views

EUVD-2026-34097

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-45959

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:8 a.m.9 views

inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
Rows per page
Query Builder