Lucene search
K

24 matches found

EUVD
EUVD
added 2026/05/20 4:6 p.m.10 views

EUVD-2026-31136

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

6.3CVSS6.1AI score0.00416EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 8:35 a.m.6 views

CVE-2026-3259 Sensitive Data Disclosure in BigQuery via Materialized View Error Messages

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.2AI score0.00226EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/04/17 3:1 p.m.8 views

K000160873: Linux kernel vulnerability CVE-2026-23317

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup functi...

7.8CVSS5.6AI score0.00129EPSS
Exploits0
Cisco
Cisco
added 2026/03/04 4:0 p.m.10 views

Cisco Webex Services Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this...

6.1CVSS5.8AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/02/26 3:17 p.m.8 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 2:14 p.m.5 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS5.5AI score0.00247EPSS
Exploits0References2
CVE
CVE
added 2026/02/06 9:44 p.m.14 views

CVE-2026-1727

The CVE-2026-1727 entry describes an information disclosure in the Agentspace service arising from the use of predictable Google Cloud Storage bucket names for error logs and temporary data staging during GCS imports and Cloud SQL interactions. This predictability enabled bucket squatting, where ...

9.1CVSS5.5AI score0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 9:44 p.m.5 views

CVE-2026-1727

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS5.5AI score0.00253EPSS
Exploits0References2
CERT
CERT
added 2026/01/09 12:0 a.m.10 views

BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability

Overview The BeeS Examination Tool BET portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands t...

9.8CVSS8AI score0.00689EPSS
Exploits1References3
NVD
NVD
added 2026/01/03 1:15 a.m.6 views

CVE-2025-64125

A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...

9.4CVSS0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 7:41 a.m.5 views

CVE-2025-13428

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

8.6CVSS7.5AI score0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/10 7:11 a.m.28 views

CVE-2025-12952 Privilege Escalation in Dialogflow CX via Webhook Admin Role

A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...

8.7CVSS0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.5 views

PT-2025-50307

A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...

8.7CVSS7.2AI score0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.19 views

PT-2025-49328

Name of the Vulnerable Software and Affected Versions Apigee-X versions prior to 1-16-0-apigee-3 Description A security issue in Apigee-X could allow an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations...

7.6CVSS5.4AI score0.00258EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/10/23 10:3 a.m.15 views

CVE-2025-11915

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

6.9CVSS6.9AI score0.00293EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 10:15 a.m.6 views

CVE-2025-11915

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

6.9CVSS0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 9:13 a.m.6 views

EUVD-2025-35358

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

6.9CVSS6.4AI score0.00293EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26615

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.7 views

PT-2025-34599 · Google · Google Cloud Dataform

Name of the Vulnerable Software and Affected Versions: Google Cloud Dataform affected versions not specified Description: A path traversal vulnerability exists in the NPM package installation process of Google Cloud Dataform. A remote attacker can read and write files in other customers'...

10CVSS6.2AI score0.00625EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2024/06/04 12:18 p.m.2 views

SUSE CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

4.3CVSS7AI score0.00494EPSS
Exploits0References6
Rows per page
Query Builder