Lucene search
K

19539 matches found

Snyk
Snyk
added 2026/04/06 1:36 p.m.1 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload. An attacker can introduce unauthorized files with arbitrary content by providing a specially crafted archive that bypasses pre-extraction inspection mechanisms. Workaround This vulnerability can be mitigated by...

5.5CVSS6AI score0.0043EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.4 views

Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)

Summary There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30746

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions prior to 2026.03 Description An issue exists in the session creation component of AWS Research and Engineering Studio RES where unsanitized control of user-modifiable attributes could allow an...

8.8CVSS5.9AI score0.00841EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/04/03 11:20 p.m.5 views

CVE-2026-27447

A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks. Mitigation...

6.4CVSS5.8AI score0.00317EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/03 10:6 p.m.12 views

CVE-2026-35388

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 10:1 p.m.5 views

CVE-2026-35387

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

3.1CVSS5.8AI score0.00237EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 9:56 p.m.4 views

CVE-2026-35385

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 8:25 p.m.3 views

CVE-2026-34763

A flaw was found in Rack. A remote attacker could exploit a vulnerability in Rack::Directory's handling of root paths. When the configured root path contains special regular expression characters, the directory listing generation can fail to properly strip the path prefix. This can lead to the...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 8:16 p.m.5 views

CVE-2026-34829

A flaw was found in Rack. An unauthenticated attacker can exploit this by sending a multipart/form-data request without a Content-Length header. This allows multipart parsing to continue without a total size limit, writing uploaded file parts directly to temporary files on disk. This unbounded di...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 7:56 p.m.2 views

CVE-2026-34835

A flaw was found in Rack. A remote attacker could exploit this by sending a specially crafted Host header containing characters not permitted in standard hostnames. This malformed header bypasses hostname validation in applications using Rack::Request, leading to host header poisoning. This can...

6.5CVSS5.8AI score0.00192EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/03 5:42 p.m.5 views

CVE-2026-23456

A flaw was found in the Linux kernel's netfilter H.323 connection tracking module. A remote attacker could exploit this vulnerability by sending a specially crafted H.323/RAS H.323 Registration, Admission, and Status packet. The system's processing of these packets could lead to an out-of-bounds...

8.2CVSS5.9AI score0.00443EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 5:30 p.m.2 views

CVE-2026-23448

A flaw was found in the Linux kernel's cdcncm module. An incorrect bounds check in the cdcncmrxverifyndp16 function, responsible for validating Network Data Protocol NDP entries, allows Datagram Pointer Entries DPE to extend beyond the intended buffer. This can lead to an out-of-bounds read when...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/03 4:2 a.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the handling of inter-Node Pod traffic when dual-stack networking is configured with IPsec encryption enabled. An attacker can intercept and read sensitive IPv6 Pod traffic by monitoring network...

7.5CVSS5.9AI score0.00121EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/03 3:59 a.m.5 views

CVE-2026-35544

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...

5.3CVSS5.2AI score0.00366EPSS
Exploits0
Snyk
Snyk
added 2026/04/03 2:39 a.m.1 views

Hidden Functionality

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Hidden Functionality via the commandLineSwitches webPreference. An attacker can inject arbitrary command-line switches into...

8.7CVSS6AI score0.00295EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/02 11:25 p.m.4 views

CVE-2026-34742

A flaw was found in the Model Context Protocol MCP Go SDK. When an HTTP-based MCP server is run on localhost without authentication, a malicious website can exploit a DNS rebinding vulnerability. This allows the attacker to bypass same-origin policy restrictions and send requests to the local MCP...

8.1CVSS5.8AI score0.00455EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/02 9:32 p.m.6 views

CVE-2026-34446

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. The onnx.load function, which is used to load machine learning models, does not correctly handle hardlinks. This vulnerability could allow an attacker to create a specially crafted ONNX...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References5
OSV
OSV
added 2026/04/02 8:32 p.m.4 views

GHSA-7MQQ-6CF9-V2QP Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory

Summary Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...

5.3CVSS6AI score0.0024EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/02 6:44 p.m.4 views

Rack::Static prefix matching can expose unintended files under the static root

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/02 6:44 p.m.3 views

GHSA-H2JQ-G4CQ-5PPQ Rack::Static prefix matching can expose unintended files under the static root

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References4
Rows per page
Query Builder