7109 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 1 view

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: nct6775 Fixed the crash in clearcaseopen Paweł Marciniak reported the following crash, which occurred when clearing the chassis intrusion alarm. BUG: NULL pointer dereferencing in the kernel, address: 0000000000000028 PGD ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: ftsteutates Fixed the TOCTOU race condition in ftsread In the ftsread function, when handling hwmonpwmautochannelstemp, the code accesses the shared variable data-fansourcechannel twice without holding any locks. This chec...

CVSS 4.7 | AI score 6.2 | EPSS 0.00101
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciaddadvmonitor KSAN reports a use-after-free in hciaddadvmonitor. When adding an adv monitor, hciaddadvmonitor calls msftaddmonitorpattern, which in turn calls...

AI score 5.4 | EPSS 0.00206
Exploits: 0 | References: 1
EUVD
added 2026/06/19 12:31 a.m. | 8 views

EUVD-2026-37962

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...

CVSS 8.8 | AI score 5.6 | EPSS 0.00687
Exploits: 0 | References: 4
CVE
added 2026/06/18 11:47 p.m. | 49 views

CVE-2026-50034

The CVE-2026-50034 entry concerns Apollo Pharmacy’s APG-01 BT Blood Glucose Monitoring System. Affected component: the device’s BLE wireless channel, where the root cause is cleartext transmission of sensitive health data. An attacker inside BLE range can passively eavesdrop traffic, potentially ...

CVSS 7.1 | AI score 5.2 | EPSS 0.00145
Exploits: 0 | References: 4
Cvelist
added 2026/06/18 11:45 p.m. | 32 views

CVE-2026-52866 Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection...

CVSS 7.1 | EPSS 0.00222
Exploits: 0 | References: 4
CVE
added 2026/06/18 11:45 p.m. | 44 views

CVE-2026-52866

The CVE-2026-52866 entry concerns the Apollo Pharmacy Blood Glucose Monitoring System APG-01 with BT lacking authorization in BLE. The connected docs provide concrete details: an attacker in BLE range can monopolize the device’s only available BLE connection slot, blocking legitimate users/applic...

CVSS 7.1 | AI score 5.2 | EPSS 0.00222
Exploits: 0 | References: 4
CVE
added 2026/06/18 10:12 p.m. | 21 views

CVE-2026-56078

CVE-2026-56078 affects PraisonAI prior to 1.5.115, specifically a path traversal vulnerability in the MultiAgentMonitor component. The issue arises because agent IDs are not properly sanitized when building file paths, allowing an attacker to inject traversal sequences (e.g., ../) to access arbit...

CVSS 8.8 | AI score 5.6 | EPSS 0.00687
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/18 12:0 a.m. | 8 views

Siemens RUGGEDCOM RST2428P Expired Pointer Dereference (CVE-2025-40280)

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of tipcnetnet-monitors in tipcmonreinitself. 0 The array is protected by RTNL, but tipcmonreinitself iterates over it without RTNL. tipcmonreinitself i...

AI score 5.9 | EPSS 0.00199
Exploits: 0 | References: 3
NVD
added 2026/06/17 10:40 a.m. | 10 views

CVE-2026-35279

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Performance Monitor. Supported versions that are affected are 8.61 and 8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVSS 8.1 | EPSS 0.00392
Exploits: 0 | References: 1
NVD
added 2026/06/17 10:40 a.m. | 14 views

CVE-2026-35278

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Performance Monitor. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVSS 9.8 | EPSS 0.00576
Exploits: 0 | References: 1
OSV
added 2026/06/16 8:13 p.m. | 11 views

GHSA-365W-HQF6-VXFG Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

CVSS 9.8 | AI score 5.8 | EPSS 0.00417
Exploits: 0 | References: 4
Snyk
added 2026/06/16 8:13 p.m. | 3 views

Use of Hard-coded Credentials

Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the outputpath parameter, which allows arbitrary filesystem paths without validation. An attacker can overwrite or create files ...

CVSS 9.8 | AI score 6.1 | EPSS 0.00417
Exploits: 0 | References: 6
GitHub Security Blog
added 2026/06/16 8:13 p.m. | 26 views

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

CVSS 9.2 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 5 | Affected Software: 1
GitHub Security Blog
added 2026/06/16 5:34 p.m. | 8 views

Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Summary Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated...

CVSS 8.8 | AI score 5.7 | EPSS 0.00291
Exploits: 1 | References: 2 | Affected Software: 1
Snyk
added 2026/06/16 5:34 p.m. | 6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the monitor API endpoints, which lack proper ownership enforcement. An attacker can read, modify, rename, or permanently delete another user's messages, sessions, build artifacts, and...

CVSS 8.8 | AI score 5.9 | EPSS 0.00291
Exploits: 1 | References: 2
OSV
added 2026/06/16 5:34 p.m. | 6 views

GHSA-9C59-2MVC-VFR8 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Summary Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated...

CVSS 8.8 | AI score 5.7 | EPSS 0.00291
Exploits: 1 | References: 2
Positive Technologies
added 2026/06/16 12:0 a.m. | 11 views

PT-2026-49852

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools version 8.61 PeopleSoft Enterprise PT PeopleTools version 8.62 Description An issue exists in the Performance Monitor component of Oracle PeopleSoft. This flaw allows an unauthenticated attacker with networ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00576
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/16 12:0 a.m. | 11 views

PT-2026-51506

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description A stored cross-site scripting issue exists in the monitor dashboard. The application renders crawl URLs and error messages using innerHTML without proper escaping. This allows an attacker to submit ...

CVSS 9.3 | AI score 5.6 | EPSS 0.00195
Exploits: 0 | References: 17
Positive Technologies
added 2026/06/16 12:0 a.m. | 7 views

PT-2026-51773

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description Multiple security issues affect the Crawl4AI Docker API server across several functional areas: - An authentication bypass in the monitor router allows unauthenticated access to destructive...

CVSS 9.2 | AI score 6.1 | EPSS 0.00417
Exploits: 0 | References: 16