
RedhatCVE · added 2026/04/08 4:37 p.m. · 6 views

CVE-2025-14243

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation. Mitigation: Mitigation for this issue is either not...

CVSS 5.3 · AI score 5.9 · EPSS 0.00287 · Exploits 0 · References 3
Elastic · added 2026/04/08 4:18 p.m. · 13 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-24)

Incorrect Authorization in Kibana Fleet Leading to Information Disclosure. Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data,...

CVSS 7.7 · AI score 5.7 · EPSS 0.00282 · Exploits 0
RedhatCVE · added 2026/04/08 9:20 a.m. · 5 views

CVE-2026-34079

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

CVSS 8.7 · AI score 6 · EPSS 0.00323 · Exploits 0 · References 4
RedhatCVE · added 2026/04/08 9:14 a.m. · 2 views

CVE-2026-34781

A flaw was found in Electron. An application that calls clipboard.readImage may be vulnerable to a denial of service (DoS). If the system clipboard contains image data that fails to decode, the application can crash. This vulnerability does not lead to memory corruption or code execution. Mitigatio...

CVSS 5 · AI score 5.9 · EPSS 0.00144 · Exploits 0 · References 4
RedhatCVE · added 2026/04/08 9:08 a.m. · 2 views

CVE-2026-34078

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentiall...

CVSS 10 · AI score 6.3 · EPSS 0.0168 · Exploits 0 · References 4
RedhatCVE · added 2026/04/08 8:55 a.m. · 3 views

CVE-2026-35611

A flaw was found in Addressable. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing a maliciously crafted Uniform Resource Identifier (URI) to the URI template implementation. Specifically, certain URI templates using the explode modifier or multiple variables...

CVSS 7.5 · AI score 5.9 · EPSS 0.0036 · Exploits 0 · References 4
RedhatCVE · added 2026/04/07 11:32 p.m. · 2 views

CVE-2026-33815

A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

CVSS 9.8 · AI score 5.8 · EPSS 0.00605 · Exploits 0 · References 4
RedhatCVE · added 2026/04/07 11:01 p.m. · 5 views

CVE-2026-5707

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVSS 8.8 · AI score 6.2 · EPSS 0.00994 · Exploits 1 · References 1
RedhatCVE · added 2026/04/07 9:52 p.m. · 4 views

CVE-2026-39365

A flaw was found in Vite. The development server's handling of .map requests contains a path traversal vulnerability. A remote attacker can exploit this by sending a specially crafted request with directory traversal sequences (../) to bypass security restrictions. This allows the attacker to...

CVSS 6.3 · AI score 5.8 · EPSS 0.00914 · Exploits 1 · References 4
RedHat Linux · added 2026/04/07 9:38 p.m. · 5 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8 · AI score 7.1 · EPSS 0.00459 · Exploits 0 · References 6
RedhatCVE · added 2026/04/07 8:49 p.m. · 2 views

CVE-2026-24660

A flaw was found in LibRaw. A remote attacker could exploit a heap-based buffer overflow vulnerability in the x3f_load_huffman functionality by providing a specially crafted malicious file. This can lead to memory corruption, potentially allowing the attacker to execute arbitrary code or cause a...

CVSS 9.8 · AI score 6.5 · EPSS 0.00564 · Exploits 1 · References 4
RedhatCVE · added 2026/04/07 8:49 p.m. · 2 views

CVE-2026-20889

A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3f_thumb_loader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful...

CVSS 9.8 · AI score 6.3 · EPSS 0.00645 · Exploits 1 · References 4
RedhatCVE · added 2026/04/07 8:49 p.m. · 3 views

CVE-2026-21413

A flaw was found in LibRaw. A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality. A remote attacker can exploit this by providing a specially crafted malicious file. This can lead to arbitrary code execution, allowing the attacker to take control of the...

CVSS 9.8 · AI score 6.4 · EPSS 0.00746 · Exploits 1 · References 4
RedhatCVE · added 2026/04/07 5:42 p.m. · 10 views

CVE-2026-4292

A flaw was found in Django. Admin changelist forms utilizing ModelAdmin.list_editable were susceptible to improper access control. A remote attacker could exploit this by sending forged POST data, leading to the unauthorized creation of new instances within the application. Mitigation: Mitigation f...

CVSS 5.3 · AI score 5.8 · EPSS 0.00294 · Exploits 0 · References 6
RedhatCVE · added 2026/04/07 5:01 p.m. · 3 views

CVE-2026-33817

Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt...

AI score 5.8 · EPSS 0.00012 · Exploits 0 · References 1
Snyk · added 2026/04/07 3:52 p.m. · 3 views

Exposure of Resource to Wrong Sphere

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the window.open function. An attacker can gain access to or...

CVSS 8.8 · AI score 5.9 · EPSS 0.003 · Exploits 0 · References 2
RedhatCVE · added 2026/04/07 2:13 p.m. · 5 views

CVE-2026-35029

A flaw was found in LiteLLM, an AI Gateway proxy server. An authenticated user can exploit a missing authorization check on the /config/update endpoint. This allows the user to modify proxy configurations and environment variables, leading to remote code execution by registering custom endpoint...

CVSS 8.8 · AI score 6.5 · EPSS 0.26409 · Exploits 2 · References 4
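The Kibana Fleet entry (ESA-2026-24) and the LiteLLM entry (CVE-2026-35029) both come down to an endpoint that checks only that the caller is authenticated, not that the caller holds the privilege the endpoint needs. The block below is an added example and not code from Kibana or LiteLLM. It shows that "authenticated means authorized" dispatcher beside a default-deny one in which every route must declare a policy, and a build-time check that lists routes shipped without one. The route table, principals and the `/internal/settings` endpoint are constructed for the demo.

```javascript
// Constructed route table. `requires: null` means public, a string names the
// privilege needed, and a missing `requires` is the mistake the hardened
// dispatcher refuses to serve.
const ROUTES = {
  'GET /health': { requires: null, handler: () => ({ ok: true }) },
  'GET /models': { requires: 'read', handler: () => ['demo-model'] },
  'POST /config/update': { requires: 'admin', handler: (body) => ({ applied: body }) },
  // Internal endpoint added without a policy: the shape of the bug in both advisories.
  'GET /internal/settings': { handler: () => ({ api_key: 'redacted-demo-secret' }) },
};

// Constructed principals.
const VIEWER = { name: 'viewer', privileges: ['read'] };
const ADMIN = { name: 'admin', privileges: ['read', 'admin'] };

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Vulnerable pattern: authentication is the only gate, so any logged-in user
// reaches every route, including configuration and internal endpoints.
function dispatchLeaky(route, user, body) {
  const r = ROUTES[route];
  if (!r) return { status: 404 };
  if (!user) return { status: 401 };
  return { status: 200, body: r.handler(body) };
}

// Hardened: default deny. A route with no declared policy is refused for everyone
// (including admins), public routes skip auth, all others check the privilege.
function dispatchGuarded(route, user, body) {
  const r = ROUTES[route];
  if (!r) return { status: 404 };
  if (!hasOwn(r, 'requires')) return { status: 403, error: 'route has no authorization policy' };
  if (r.requires === null) return { status: 200, body: r.handler(body) };
  if (!user) return { status: 401 };
  if (!user.privileges.includes(r.requires)) return { status: 403 };
  return { status: 200, body: r.handler(body) };
}

// Build-time check: every route that shipped without a policy. Run it in CI so an
// undeclared endpoint fails the build instead of reaching production.
function unguardedRoutes(routes = ROUTES) {
  return Object.keys(routes).filter((k) => !hasOwn(routes[k], 'requires'));
}
```

The design point is that the policy lives next to the route definition and is mandatory; an endpoint that forgets it fails closed, which is what turns a missed authorization check from an information-disclosure or RCE bug into a 403 noticed in testing.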
Microsoft Secure · added 2026/04/07 2:00 p.m. · 19 views

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

In this article: 1. DNS hijacking attack chain: From compromised devices to AiTM and other follow-on activity; 2. Mitigation and protection guidance; 3. Microsoft Defender detection and hunting guidance. Executive summary: Forest Blizzard, a threat actor linked to the Russian military, has been...

AI score 5.8 · Exploits 0
IBM Security Bulletins · added 2026/04/07 11:02 a.m. · 3 views

Security Bulletin: SQL Injection Vulnerability in Apache Hive Metastore Server Thrift APIs, affects watsonx.data

Summary: Apache Hive versions 4.1.0 before 4.2.0 are vulnerable to SQL injection in Hive Metastore Server when handling delete column statistics via Thrift APIs. Exploitation is limited to authorized users with API access. Upgrading to 4.2.0 or disabling direct SQL (metastore.try.direct.sql=false)...

CVSS 5.4 · AI score 5.9 · EPSS 0.00343 · Exploits 0 · Affected Software 1