19535 matches found

Cloud Foundry
added 2026/04/20 12:00 a.m., 6 views

CVE-2026-22726 - Route Services Firewall Bypass | Cloud Foundry

Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:P/RL:O/RC:C/MAV:N/MAC:L/MPR:L/MUI:R/MS:C/MC:H
Vendor: CloudFoundry Foundation
Versions Affected: Routing release: v0.118.0 to v0.371.0; CF Deployment: v0.0.2 to v54.14.0
Description: Route Services can be leveraged to send app traffic t...

CVSS 5, AI score 5.4, EPSS 0.00199
Exploits 0
Packet Storm News
added 2026/04/19 12:00 a.m., 4 views

A Novel Quantum Augmented Framework to Improve Microgrid Cybersecurity

Small modular nuclear reactors (SMRs) are redefining the energy generation landscape by enabling the deployment of modular, scalable, and pre-built power units that can be used to build distributed autonomous microgrids for critical infrastructure and burgeoning AI factories. Often, these microgrid...

AI score 5.8
Exploits 0
RedhatCVE
added 2026/04/17 10:37 p.m., 4 views

CVE-2026-5807

A flaw was found in Vault. An unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations. This action occupies the single slot designated for in-progress operations, effectively preventing legitimate operators from completing critical administrative...

CVSS 7.5, AI score 5.5, EPSS 0.00718
Exploits 0, References 4
Tenable Nessus
added 2026/04/17 12:00 a.m., 3 views

FreeBSD : python -- more webbrowser.open() command injection vulnerabilities (cf75f572-378a-11f1-a119-e36228bfe7d4)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the cf75f572-378a-11f1-a119-e36228bfe7d4 advisory. Seth Larson reports: CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for comman...

CVSS 7.1, AI score 5.8, EPSS 0.00308
Exploits 0, References 6
AMD
added 2026/04/17 12:00 a.m., 10 views

Floating Point Value Injection (FPVI) Variant in AMD CPUs

Summary: Researchers shared with AMD a report titled "TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities." The researchers' paper introduced a Floating-Point Value Injection (FPVI) variant, which could allow an attacker with a deep understanding of...

CVSS 5.5, AI score 6.1, EPSS 0.00607
Exploits 1
OSV
added 2026/04/16 11:50 p.m., 11 views

BIT-PYTHON-MIN-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7.1, AI score 5.8, EPSS 0.0029
Exploits 0, References 9
OSV
added 2026/04/16 11:50 p.m., 4 views

BIT-PYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7.1, AI score 5.8, EPSS 0.0029
Exploits 0, References 9
OSV
added 2026/04/16 11:43 p.m., 5 views

BIT-LIBPYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7.1, AI score 5.8, EPSS 0.0029
Exploits 0, References 9
Snyk
added 2026/04/16 10:36 p.m., 7 views

Server-side Request Forgery (SSRF)

Overview: @angular/platform-server is an Angular library for using Angular in Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the URL parsing during Server-Side Rendering (SSR). An attacker can cause the server to make arbitrary HTTP requests to...

CVSS 8.7, AI score 6, EPSS 0.00256
Exploits 0, References 2
RedhatCVE
added 2026/04/16 8:55 p.m., 6 views

CVE-2026-39350

A flaw was found in Istio, an open platform designed to connect, manage, and secure microservices. The serviceAccounts and notServiceAccounts fields within Istio's AuthorizationPolicy incorrectly interpret dots (.) as a regular expression matcher. This vulnerability allows an attacker to craft...

CVSS 5.4, AI score 5.7, EPSS 0.00209
Exploits 0, References 4
OSV
added 2026/04/16 8:45 p.m., 5 views

GHSA-F8HV-G549-HWG2 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact: The webhook add-on did not utilize existing SSRF protection.
Patches: https://github.com/WeblateOrg/weblate/pull/18815
Workarounds: Disabling the add-on would avoid misusing this.
References: Thanks to @Lihfdgjr for reporting this via GitHub...

CVSS 4.1, AI score 5.8, EPSS 0.00275
Exploits 0, References 5
RedhatCVE
added 2026/04/16 7:28 p.m., 5 views

CVE-2026-27820

A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which ca...

CVSS 9.8, AI score 5.9, EPSS 0.00561
Exploits 0, References 5
RedhatCVE
added 2026/04/16 6:40 p.m., 6 views

CVE-2026-40192

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

CVSS 8.7, AI score 5.7, EPSS 0.00671
Exploits 0, References 7
RedhatCVE
added 2026/04/16 4:32 p.m., 5 views

CVE-2026-40091

A flaw was found in SpiceDB. When SpiceDB starts with log level info, the startup configuration log will expose the full datastore Data Source Name (DSN), including the plaintext password. This vulnerability allows an attacker with access to these logs to obtain sensitive database credentials,...

CVSS 6, AI score 5.8, EPSS 0.00166
Exploits 0, References 5
RedhatCVE
added 2026/04/16 2:08 p.m., 3 views

CVE-2026-39984

A flaw was found in timestamp-authority, specifically in the timestamp-authority/v2/pkg/verification package. An attacker can exploit this issue by prepending a forged certificate to the certificate bag while the message is signed with an authorized key. This causes the library to validate the...

CVSS 5.5, AI score 5.7, EPSS 0.00099
Exploits 0, References 5
RedHat Linux
added 2026/04/16 10:20 a.m., 6 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 5.8, EPSS 0.00459
Exploits 0, References 6
RedhatCVE
added 2026/04/16 1:22 a.m., 3 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8, AI score 6.4, EPSS 0.00739
Exploits 0, References 1
Github Security Blog
added 2026/04/15 7:21 p.m., 10 views

OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

Impact: A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy, and at least one rule is defined with --skip-auth-routes or the legacy --skip-auth-regex; OAuth2 Proxy may trust...

CVSS 9.1, AI score 5.9, EPSS 0.00477
Exploits 0, References 3, Affected Software 1
RedhatCVE
added 2026/04/15 6:58 p.m., 6 views

CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

CVSS 7.1, AI score 5.8, EPSS 0.00167
Exploits 0, References 3
RedhatCVE
added 2026/04/15 6:31 p.m., 5 views

CVE-2026-6245

A flaw was found in the System Security Services Daemon (SSSD). The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

CVSS 5.5, AI score 5.7, EPSS 0.00141
Exploits 0, References 3