Lucene search
K

4944 matches found

Snyk
Snyk
added 2026/06/01 10:26 a.m.9 views

Exposure of Sensitive Information Through Metadata

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive...

8.2CVSS5.5AI score0.00328EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/01 12:0 a.m.14 views

CVE-2026-10154

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

5.3CVSS5.5AI score0.00223EPSS
Exploits0References6
OSV
OSV
added 2026/05/31 12:16 a.m.8 views

UBUNTU-CVE-2026-10154

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

5.3CVSS5.5AI score0.00223EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.10 views

Dolibarr ERP CRM 安全漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions 23.0.0, 23.0.1, and 23.0.2 of Dolibarr ERP CRM contain security vulnerabilities. These vulnerabilities stem from unknown functions in the file htdocs/user/messaging.php, which allow...

5.3CVSS5.7AI score0.00223EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/30 11:0 p.m.38 views

CVE-2026-10154 Dolibarr ERP CRM messaging.php authorization

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

5.3CVSS0.00223EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/30 11:0 p.m.9 views

CVE-2026-10154 Dolibarr ERP CRM messaging.php authorization

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

5.3CVSS5.5AI score0.00223EPSS
Exploits0References5
CVE
CVE
added 2026/05/30 11:0 p.m.28 views

CVE-2026-10154

Dolibarr ERP CRM vulnerability CVE-2026-10154 affects Dolibarr 23.0.0–23.0.2 in htdocs/user/messaging.php, where manipulation of the ID argument enables an authorization bypass via a remote attack. The issue is confirmed to impact the affected versions and is mitigated by upgrading to 23.0.3, wit...

5.3CVSS5.5AI score0.00223EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 7:30 p.m.12 views

EUVD-2026-33429

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...

6.3CVSS5.9AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44986

Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.24.9 Description NanoMQ is an Edge Messaging Platform. A null pointer dereference can occur in the quic stream recv function when a substream is in a reopen state. The system completes the Asynchronous I/O AIO...

6.3CVSS5.8AI score0.00227EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Cloud Foundry BOSH Director 安全漏洞

Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. Versions of Cloud Foundry BOSH Director prior to v282.1.12 contained security vulnerabilities. These vulnerabilities stemmed from AgentClient not performin...

6.8CVSS5.8AI score0.00083EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 7:16 p.m.17 views

CVE-2026-48689

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamicbinarybuffert class src/dynamicbinarybuffer.hpp. Five methods appenddynamicbuffer, appenddataaspointer, appenddataasobjectptr, memcpyfromptr, memcpyfromobjectptr use an incorrect bounds chec...

9.8CVSS0.00677EPSS
Exploits1References3
NVD
NVD
added 2026/05/25 3:16 p.m.15 views

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

7CVSS0.00122EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/24 3:30 a.m.10 views

CVE-2026-9352 NousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosure

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function makerunenv of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched...

6.9CVSS5.7AI score0.00286EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/24 3:30 a.m.18 views

CVE-2026-9352 NousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosure

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function makerunenv of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched...

6.9CVSS0.00286EPSS
Exploits0References4
CVE
CVE
added 2026/05/24 3:30 a.m.28 views

CVE-2026-9352

Affected software/area: NousResearch hermes-agent (Messaging Gateway Handler), up to 2026.4.23. Vulnerability details: A weakness in the function _make_run_env in tools/environments/local.py can lead to information disclosure. The issue may be exploitable remotely; exploit has been made publicly ...

6.9CVSS5.7AI score0.00286EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hermes Agent 访问控制错误漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.23 contained a access control vulnerability. This vulnerability originated from the makerunenv function in the tools/environments/local.py file of the...

6.9CVSS6.1AI score0.00286EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/22 3:47 p.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data when importing JMS configuration with setJndiEnvironment in AbstractMessageListenerContainer. A user who control the JMS configuration can execute arbitrary code. Note: This vulnerability is a bypass of...

9.8CVSS7.4AI score0.00793EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.9 views

org.apache.cxf.systests:cxf-systests-jaxrs (=4.2.0), org.apache.cxf.systests:cxf-systests-transport-jms (=4.2.0) +4 more potentially affected by CVE-2025-48913 +1 more via org.apache.cxf:cxf-rt-transports-jms (=4.2.0)

org.apache.cxf:cxf-rt-transports-jms MAVEN version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-rt-transports-jms and may be impacted: - org.apache.cxf.systests:cxf-systests-jaxrs =4.2.0 -...

9.8CVSS7.2AI score0.00793EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/22 12:17 p.m.35 views

CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

0.0064EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 12:17 p.m.11 views

CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

6.2AI score0.0064EPSS
Exploits0References1
Rows per page
Query Builder