Lucene search
K

14379 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-46590

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...

6.4AI score0.00485EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago14 views

CVE-2026-46590

CVE-2026-46590 (Apache Camel-PQC) describes a deserialization of untrusted data issue in the camel-pqc component. Hashicorp Vault and AWS Secrets Manager key lifecycle managers deserialize a Base64-wrapped value via java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allo...

8.8CVSS6.4AI score0.00485EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago5 views

nodejs: Node.js: Unauthorized file metadata modification

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system...

3.3CVSS5.9AI score0.00154EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago11 views

Important: Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6AI score0.02806EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 5 days ago7 views

nodejs: Node.js: Unauthorized file metadata modification

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system...

3.3CVSS6.2AI score0.00154EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-55886

☕ Apache Camel critical alert: CVE-2026-43867 hits the camel-pqc component. Post-quantum key metadata deserialized via ObjectInputStream with zero ObjectInputFilter — unauthenticated RCE risk at CVSS 9.8. Check your Camel builds now. AppSec Apache https://t.co/iaMBNrOfI0 https://t.co/mkIJ19Sd5Y...

9.8CVSS6AI score0.00691EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-55895

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Deserialization of untrusted data in the Apache Camel PQC component occurs when HashicorpVaultKeyLifecycleManager,...

8.8CVSS6.7AI score0.00485EPSS
Exploits0References5
OSV
OSV
added 5 days ago5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
OSV
OSV
added 5 days ago5 views

ALSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56013

Name of the Vulnerable Software and Affected Versions showdown affected versions not specified Description An issue exists in metadata title handling that allows the injection of arbitrary HTML and JavaScript. When the completeHTMLDocument option is enabled, unescaped less-than and greater-than...

6.1CVSS6.2AI score0.00187EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

pnpm < 10.34.2 / 11.x < 11.5.3 Multiple Vulnerabilities

The version of pnpm installed on the remote host is prior to 10.34.2, or 11.x prior to 11.5.3. It is, therefore, affected by multiple vulnerabilities: - pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and...

8.8CVSS6.3AI score0.00212EPSS
Exploits4References8
Snyk
Snyk
added 6 days ago7 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.8 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

7.5CVSS0.00298EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.5 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

5.9AI score0.00298EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.39 views

CVE-2026-58419 Notification API leaks private issue metadata after access revocation

Notification API leaks private issue metadata after access revocation...

0.00298EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:54 p.m.18 views

CVE-2026-58419

CVE-2026-58419 affects the Go-Gitea project where the Notification API can leak private issue metadata after access revocation. The Snyk notes describe Information Exposure in multiple internal components of the Gitea web feed/routers, convert, and git modules, with affected code paths in the Not...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 3:16 p.m.19 views

CVE-2026-14613

Technical details are not publicly available in the provided documents. Monitor for updates from Red Hat/NVD for affected Keycloak FGAP v2 integration and any patched versions.

4.3CVSS6AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/03 3:16 p.m.39 views

CVE-2026-14613 Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 4:30 a.m.10 views

EUVD-2026-41489

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References6
Rows per page
Query Builder