Lucene search
K

687 matches found

CVE
CVE
added 5 days ago12 views

CVE-2026-55437

CVE-2026-55437 affects Coder: prior to 2.29.17, 2.32.7, 2.33.8, and 2.34.2, AgentLogLine uses ansi-to-html without escapeXML: true and injects via dangerouslySetInnerHTML, enabling stored HTML injection in workspace agent logs. Exploitation requires a user with workspace-owner access to view atta...

5.4CVSS6AI score0.00316EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44362

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

5.5CVSS6.2AI score0.00122EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/06 8:45 p.m.6 views

CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation

Impact Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher. In addition, deleting such a policy can...

6.9CVSS6AI score0.00341EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/07/06 8:16 p.m.5 views

CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-55975

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.3.0 through 4.10.x Description A resource leak exists in the shared memory cleanup logic of OP-TEE, a Trusted Execution Environment designed for Arm Cortex-A cores using TrustZone technology. The function cleanup shm refs in...

3.8CVSS6.1AI score0.00105EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55976

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.20.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. A flaw in the subkey rollback...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Systemd

Systemd, a system and service manager, as PID 1 encounters an assertion error and freezes execution when an unprivileged IPC API call is made with spurious data. In versions v249 and earlier, the effect is not an assertion error, but stack overwriting, with the content being controlled by the...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/22 1:1 p.m.9 views

CVE-2025-70102

A flaw was found in dhcpcd. A specially crafted configuration input may cause the parseoption function to dereference a NULL pointer while processing malformed option data. This issue may result in application termination and a denial of service condition. Mitigation Red Hat is not aware of a...

6.3CVSS5.7AI score0.00169EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/11 1:27 p.m.12 views

@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no...

5.5AI score0.00052EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.39 views

PT-2026-48692

Name of the Vulnerable Software and Affected Versions @grpc/grpc-js versions prior to 1.9.16 @grpc/grpc-js versions prior to 1.10.12 @grpc/grpc-js versions prior to 1.11.4 @grpc/grpc-js versions prior to 1.12.7 @grpc/grpc-js versions prior to 1.13.5 @grpc/grpc-js versions prior to 1.14.4...

7.5CVSS5.8AI score0.00052EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/05 8:9 p.m.26 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

8.7CVSS5.8AI score0.00191EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-34067

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2...

6.5CVSS5.4AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.8 views

CVE-2026-41127

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...

6.5CVSS5.5AI score0.00178EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 4:52 p.m.15 views

EUVD-2026-34862

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260418.124334-32 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a bug in Network to close the pare...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 4:51 p.m.8 views

CVE-2026-45290

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stal...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 9:53 a.m.12 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in simple-git

Summary Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in simple-git. CVE-2026-6951 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-6951 DESCRIPTION: Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code...

9.8CVSS6.4AI score0.00877EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.29 views

PT-2026-47012

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260418.124334-32 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a bug in Network to close the pare...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 6:35 p.m.24 views

CVE-2026-35049

The CVE-2026-35049 entry affects the wire-ios iOS client. Before version 4.16.0, processing a crafted Proteus external message with an encrypted payload under 16 bytes causes an automatic crash after receipt. The malicious message remains in the conversation and causes a crash loop on relaunch, p...

6.5CVSS5.7AI score0.00235EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 7:29 a.m.12 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14915) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14915 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...

7.2CVSS5.8AI score0.00498EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login interface for accessing remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contain a buffer overflow in the xrdploginwndcreate function. There are no known solutions to this issue. User...

9.8CVSS7.1AI score0.00762EPSS
Exploits0References2
Rows per page
Query Builder