Lucene search
K

19551 matches found

Vulnrichment
Vulnrichment
added 2026/05/19 11:1 a.m.13 views

CVE-2026-7860 Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 10:52 a.m.10 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/19 6:27 a.m.12 views

CVE-2026-8922

A flaw was found in Keycloak. When both realm-level and client-level notBefore revocation policies are configured, Keycloak's OpenID Connect OIDC Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially...

5.4CVSS5.7AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41961

Name of the Vulnerable Software and Affected Versions fabric-chaincode-java versions 2.3.1 through 2.5.9 Description When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker...

5.5CVSS5.5AI score0.00106EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.9 views

Loaded Dice: Solving the Non-Selection Problem for Scalable Probabilistic RowHammer Defense

DRAM scaling has exacerbated the RowHammer vulnerability. To counter this, JEDEC recently introduced Per Row Activation Counting PRAC with the Alert Back-Off protocol as an optional DDR5 feature. While promising, PRAC requires per-row counter cells that incur area overhead, and updating them on...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.20 views

RHEL 9 : firefox (RHSA-2026:19201)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19201 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8CVSS6AI score0.04938EPSS
Exploits1References52
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.10 views

PT-2026-41916

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description A mitigation bypass exists within the DOM security component. Recommendations Update to versi...

9.6CVSS5.8AI score0.0056EPSS
Exploits0References193
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.9 views

PT-2026-41923

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Thunderbird versions prior to 151 Description A mitigation bypass exists within the DOM security component...

9.8CVSS5.8AI score0.00605EPSS
Exploits0References39
Snyk
Snyk
added 2026/05/18 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 3:4 p.m.14 views

CVE-2026-40020

A flaw was found in dovecot. A remote attacker can exploit the Internet Message Access Protocol IMAP SETACL command to inject "anyone" permissions into a user's dovecot-acl file, even when the imapaclallowanyone setting is disabled. This vulnerability allows an attacker to spam folders to all...

6.5CVSS5.7AI score0.00271EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 7:47 a.m.3 views

SUSE-SU-2026:1944-1 Security update for postgresql18

This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard agains...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References24
GithubExploit
GithubExploit
added 2026/05/18 3:9 a.m.71 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

apache-struts-cve-2017-56...

10CVSS5.8AI score0.99999EPSS
Exploits44
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.13 views

PT-2026-41691

Name of the Vulnerable Software and Affected Versions mcp-security versions prior to 0.1.9 Description The mcp-security framework fails to implement mandatory Server-Side Request Forgery SSRF mitigations—a flaw where an attacker can induce the server to make requests to an unintended location—as...

7.2CVSS5.8AI score0.00198EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/05/17 8:23 p.m.76 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Copy Fail — Análisis y desarrollo en Ensambla...

7.8CVSS7.2AI score0.96267EPSS
Exploits228
GithubExploit
GithubExploit
added 2026/05/17 8:11 p.m.74 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Copy Fail — Análisis y desarrollo en Ensambla...

7.8CVSS7.2AI score0.96267EPSS
Exploits228
GithubExploit
GithubExploit
added 2026/05/17 7:41 a.m.69 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Security Lab "React2Shell" This repository c...

10CVSS6.1AI score0.99562EPSS
Exploits372
RedhatCVE
RedhatCVE
added 2026/05/15 7:58 p.m.12 views

CVE-2026-24118

A flaw was found in vm2, an open-source sandbox for Node.js. This sandbox breakout vulnerability allows attackers to write malicious code that can escape the vm2 sandbox. Successful exploitation enables the execution of arbitrary commands on the host system, leading to critical system compromise...

9.8CVSS6.2AI score0.00917EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/05/15 6:49 p.m.10 views

CVE-2026-23479

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

8.8CVSS5.9AI score0.01286EPSS
Exploits4References5
RedHat Linux
RedHat Linux
added 2026/05/15 5:23 p.m.21 views

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

8.8CVSS6.1AI score0.93235EPSS
Exploits31References6
Rows per page
Query Builder