Lucene search
K

345 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57209

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.10.0-lts Description An issue exists where the tool import functionality in apps/tools/serializers/tool.py and the MCP referencing mode in apps/application/chat pipeline/step/chat step/impl/base chat step.py do not...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56422

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.5CVSS6.1AI score0.00338EPSS
Exploits0References3
OSV
OSV
added 2026/07/04 10:28 p.m.4 views

MGASA-2026-0235 Updated mariadb packages fix security vulnerabilities

This update to the latest LTS version fixes some severe security vulnerabilities...

9.9CVSS5.9AI score0.00797EPSS
Exploits0References3
NVD
NVD
added 2026/07/03 2:16 p.m.12 views

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 2:9 p.m.41 views

CVE-2026-49815

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command 'OS...

7.2CVSS0.01096EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 12:41 p.m.9 views

EUVD-2026-41537

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command 'OS...

6.5CVSS6AI score0.01052EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.12 views

Debian dla-4664 : ata-modules-5.10.0-43-armmp-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4664 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4664-1 [email protected]...

9.8CVSS6.8AI score0.00742EPSS
Exploits5References722
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55545

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.2CVSS6.2AI score0.01216EPSS
Exploits0References11
OSV
OSV
added 2026/06/13 8:41 a.m.11 views

BIT-JENKINS-2026-53441

Jenkins 2.483 through 2.567 both inclusive, LTS 2.492.1 through 2.555.2 both inclusive does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers...

5.4CVSS4.9AI score0.00261EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 7:8 p.m.12 views

TYPO3 CMS has Broken Access Control in Backend API

Problem Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LT...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2026/06/12 7:6 p.m.9 views

GHSA-Q93M-25XV-94HH TYPO3 CMS: Broken Access Control in Media Module

Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS,...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References7
OSV
OSV
added 2026/06/12 7:6 p.m.10 views

GHSA-CG75-QFG2-W9HJ TYPO3 CMS has Cross-Site Scripting in Indexed Search

Problem Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encodin...

5.1CVSS5.3AI score0.00269EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : uriparser vulnerability (USN-8409-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8409-1 advisory. It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly u...

2.9CVSS5.6AI score0.0012EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.11 views

CVE-2026-48250

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.11 views

CVE-2026-47962

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.11 views

CVE-2026-47950

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Jenkins 输入验证错误漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Versions of Jenkins prior to 2.567, as well as LTS versions prior to 2.555.2, contain a vulnerabilit...

4.3CVSS5.4AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.13 views

EUVD-2026-35715

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35708

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References2
Rows per page
Query Builder