Lucene search
+L

878 matches found

RedHat Linux
RedHat Linux
added 2026/03/11 10:47 a.m.15 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS6.6AI score0.00812EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.3 views

openSUSE 15 Security Update : c3p0 and mchange-commons (SUSE-SU-2026:0855-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0855-1 advisory. c3p0: - Security issues fixed: - CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 - Fix the null pointer exception in the...

9.8CVSS6AI score0.00812EPSS
Exploits1References8
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10647

Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.01241EPSS
Exploits1References2
OSV
OSV
added 2026/03/10 6:28 p.m.5 views

GO-2026-4638 WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora

WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora...

7.6CVSS5.8AI score0.00255EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/10 5:4 p.m.5 views

CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability

...

8.8CVSS5.8AI score0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 5:4 p.m.31 views

CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability

...

8.8CVSS0.00383EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.3 views

Vertex AI Experiments Bucket Squatting Defensive Scanner

The Vertex AI Bucket Squatting Defensive Scanner is a security assessment tool designed to detect potential Google Cloud Storage bucket hijacking risks related to predictable naming patterns in Vertex AI experiment workflows. Instead of exploiting the vulnerability, this defensive version perform...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.158 views

📄 Vertex AI Experiments 1.132.x Predictable Bucket Naming

A vulnerability identified as CVE-2026-2473 affected Google Cloud Vertex AI, specifically the Vertex AI Experiments component, in versions 1.21.0 through 1.132.x fixed in 1.133.0 and later. The issue stemmed from predictable Cloud Storage bucket naming patterns, enabling a class of attack known a...

7.7CVSS5.8AI score0.00438EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/07 4:32 p.m.32 views

CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS0.00255EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/07 4:32 p.m.4 views

CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS5.9AI score0.00255EPSS
Exploits1References1
OSV
OSV
added 2026/03/07 4:32 p.m.4 views

CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS7.4AI score0.00255EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

WordPress,WordPress plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

WordPress plugin The Qlean 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

WordPress plugin Alchemists 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

WordPress plugin Vixus 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Equadio 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Marra 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/26 6:55 p.m.10 views

CVE-2026-27830

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS6.5AI score0.00534EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.8 views

CVE-2026-27615

ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...

8.8CVSS5.8AI score0.00207EPSS
Exploits1References1
NVD
NVD
added 2026/02/26 1:16 a.m.16 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS0.00534EPSS
Exploits0References14
Rows per page
Query Builder