Lucene search
K

4941 matches found

Cvelist
Cvelist
added 2026/05/22 12:17 p.m.33 views

CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

0.0064EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Apache CXF 安全漏洞

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There are security vulnerabilities in Apache CXF; these vulnerabilities arise from incomplete...

7.5CVSS6.5AI score0.0064EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:35 p.m.15 views

Malicious code in @elvatis_com/openclaw-cli-bridge-elvatis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ea4d389a7d7fc1ab1598f69441105d1ebe696d9d5d351f805644bded733fe7e When the OpenClaw gateway loads this plugin and starts its proxy server, code paths in dist/index.js lines 1076 and 1093 schedule outbound WhatsApp...

5.9AI score
Exploits0References1
NVD
NVD
added 2026/05/20 2:17 p.m.19 views

CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

2.3CVSS0.00449EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 1:35 p.m.6 views

EEF-CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Summary Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: skmsg: The allocskmsg function can be called from a non-sleepable context. The skpsockverdictrecv function uses rcureadlock protection. We need the callers to pass a gfpt argument to avoid issues. The report from syzbot stated:...

5.5CVSS5.3AI score0.00163EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

10CVSS5.4AI score0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42177

Name of the Vulnerable Software and Affected Versions phoenix storybook versions 0.4.0 through 1.0.x Description An authorization bypass occurs due to user-controlled keys, allowing cross-session PubSub topic injection via a URL query parameter. The function handle params/3 in...

2.3CVSS5.5AI score0.00449EPSS
Exploits0References11
OSV
OSV
added 2026/05/18 1:2 p.m.7 views

CLEANSTART-2026-SA98061 Security fixes for CVE-2026-33186, CVE-2026-34986, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References14
OSV
OSV
added 2026/05/18 12:57 p.m.11 views

CLEANSTART-2026-CR00119 Security fixes for CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0, 1.19.1-r1

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References36
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:25 p.m.12 views

Malicious code in claw-subagent-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2ccba152d6841731431c91157874c72b5f9778fdf88b634a45ab5d9da961307 On npm install -g, the package's scripts/post-install.js registers a privileged Windows service claw-subagent-service pointing at service/daemon.js,...

6.2AI score
Exploits0References34
OSV
OSV
added 2026/05/14 7:25 p.m.15 views

MAL-2026-3757 Malicious code in claw-subagent-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2ccba152d6841731431c91157874c72b5f9778fdf88b634a45ab5d9da961307 On npm install -g, the package's scripts/post-install.js registers a privileged Windows service claw-subagent-service pointing at service/daemon.js,...

6.2AI score
Exploits0References34
The Hacker News
The Hacker News
added 2026/05/12 5:18 a.m.14 views

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption E2EE to Rich Communication Services RCS in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users runnin...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.18 views

Context-Aware Spear Phishing: Generative AI-Enabled Attacks against Individuals Via Public Social Media Data

We demonstrate how publicly available social-media data and generative AI GenAI can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns. With minimal attacker effort, a small amount of public activity per target is sufficient for GenAI models to extract...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/08 4:16 p.m.19 views

CVE-2026-41886

locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled, requestInitialize, … without...

7.5CVSS0.00101EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.6 views

IBM MQ 9.1 < 9.1.0.36 LTS / 9.2 < 9.2.0.42 LTS / 9.3 < 9.3.0.40 LTS / 9.3 < 9.4.5.1 CD / 9.4 < 9.4.0.21 LTS / 9.4.5.1 (7271941)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271941 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may...

5.4CVSS7.3AI score0.00284EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/07 2:18 a.m.12 views

SUSE CVE-2026-43107

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMAIFID in aevent size calculation xfrmgetae allocates the reply skb with xfrmaeventmsgsize, then buildaevent appends attributes including XFRMAIFID when x-ifid is set. xfrmaeventmsgsize does not include space for...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Yarbo 访问控制错误漏洞

Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains an access control vulnerability. This vulnerability stems from the MQTT proxy configuration, which allows anonymous connections without topic-level read/write ACLs. ...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/06 12:30 p.m.10 views

EUVD-2025-209674

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...

5.8AI score0.00091EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:40 a.m.5 views

CVE-2026-43085

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: initialize nfgenmsg in NLMSGDONE terminator When batching multiple NFLOG messages inst-qlen 1, nfulnlsend appends an NLMSGDONE terminator with sizeofstruct nfgenmsg payload via nlmsgput, but never...

5.7AI score0.00123EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder