
19537 matches found

RedhatCVE
added 2026/04/15 6:31 p.m., 5 views

CVE-2026-6245

A flaw was found in the System Security Services Daemon (SSSD). The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

CVSS 5.5, AI score 5.7, EPSS 0.00141
Exploits: 0, References: 3

Snyk
added 2026/04/15 6:24 p.m., 6 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

CVSS 9.1, AI score 5.7, EPSS 0.00224
Exploits: 0, References: 2

RedhatCVE
added 2026/04/15 6:22 p.m., 5 views

CVE-2026-6383

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources,...

CVSS 5.4, AI score 5.6, EPSS 0.0015
Exploits: 0, References: 3

CVE
added 2026/04/15 5:51 p.m., 8 views

CVE-2026-33214

Weblate CVE-2026-33214 affects Weblate versions before 5.17 where the translation memory API exposed unintended endpoints and did not enforce proper access control. The underlying issue is improper access control in the memory API, potentially allowing unauthorized access to memory-related functi...

CVSS 4.3, AI score 5.7, EPSS 0.00236
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/04/15 4:20 p.m., 4 views

CVE-2026-2332

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

CVSS 9.1, AI score 5.7, EPSS 0.01127
Exploits: 1, References: 5

EUVD
added 2026/04/15 3:31 p.m., 4 views

EUVD-2026-22947

HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability...

CVSS 7.3, AI score 5.8, EPSS 0.00105
Exploits: 0, References: 2

NVD
added 2026/04/15 3:16 p.m., 3 views

CVE-2026-4667

HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability...

CVSS 7.3, EPSS 0.00105
Exploits: 0, References: 1

RedHat Linux
added 2026/04/15 2:7 p.m., 7 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 5.8, EPSS 0.00459
Exploits: 0, References: 6

RedHat Linux
added 2026/04/15 10:54 a.m., 4 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6

RedHat Linux
added 2026/04/15 10:48 a.m., 5 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6

RedHat Linux
added 2026/04/15 10:46 a.m., 5 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6

RedHat Linux
added 2026/04/15 10:42 a.m., 5 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6

RedHat Linux
added 2026/04/15 10:42 a.m., 7 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6

RedHat Linux
added 2026/04/15 10:31 a.m., 8 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6

RedhatCVE
added 2026/04/15 5:55 a.m., 3 views

CVE-2026-33018

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. This Use-After-Free vulnerability occurs when processing specially crafted animated Graphics Interchange Format (GIF) files. A remote attacker could exploit this by providing a malicious multi-frame GIF, causing the application t...

CVSS 7, AI score 6, EPSS 0.00191
Exploits: 1, References: 5

Positive Technologies
added 2026/04/15 12:0 a.m., 6 views

PT-2026-34215

Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions 7.5.0 through 7.15.1. Description: A configuration-dependent authentication bypass exists when the software is deployed using skip auth routes or the legacy skip auth regex with patterns that can be widened by...

CVSS 8.2, AI score 5.8, EPSS 0.00275
Exploits: 0, References: 9

Positive Technologies
added 2026/04/15 12:0 a.m., 5 views

PT-2026-33074

CVE-2026-4667 HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability. https://t.co/9Kio2KYPAa...

CVSS 7.3, AI score 5.8, EPSS 0.00105
Exploits: 0, References: 3

NOZOMI
added 2026/04/15 12:0 a.m., 8 views

Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

Summary: An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. Impact: An authenticated user with view-only privileges for the Threat Intelligence functionality ca...

CVSS 8.1, AI score 5.8, EPSS 0.00325
Exploits: 0, Affected Software: 2

SUSE CVE
added 2026/04/14 11:30 p.m., 13 views

SUSE CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7.1, AI score 5.8, EPSS 0.0029
Exploits: 0, References: 28

NVD
added 2026/04/14 11:16 p.m., 4 views

CVE-2026-35031

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

CVSS 9.9, EPSS 0.00753
Exploits: 1, References: 2