Lucene search
K

695 matches found

Nuclei
Nuclei
added 16 hours ago78 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS7.2AI score0.87575EPSS
Exploits2References5
OSV
OSV
added 6 days ago5 views

PYSEC-2026-2004 vantage6's CORS settings overly permissive

Impact The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies Patches No Workarounds No...

4.2CVSS5.9AI score0.00311EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55959

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.10.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. An unbounded recursion can cause the...

3.3CVSS6.1AI score0.00105EPSS
Exploits0References3
Cisco
Cisco
added 2026/07/01 4:0 p.m.14 views

ClamAV Vulnerabilities Affecting Cisco Products: July 2026

Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service DoS condition, interrupting scanning operations. For more information about these vulnerabilities, see the Details "details" section of this advisory. For additional information on these vulnerabilities ...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49579

Name of the Vulnerable Software and Affected Versions Electron versions 42.3.1 through 42.3.2 Description Incorrect byte length calculations in the Node.js Buffer API cause heap underflow or overflow, which can lead to memory corruption or application crashes. This issue may result in incorrect...

9.3CVSS5.6AI score0.00253EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41320

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS5.6AI score0.0022EPSS
Exploits0References1
Cisco
Cisco
added 2026/06/03 4:0 p.m.13 views

Cisco Finesse Remote File Inclusion Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

6.1CVSS6.1AI score0.0018EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 10:0 a.m.16 views

Security Bulletin: There is a vulnerability in brace-expansion-2.0.2.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33750)

Summary There is a vulnerability in brace-expansion-2.0.2.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to...

7.5CVSS6.4AI score0.0043EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in pypdf2

pypdf is a pure-Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who exploits this vulnerability can create a PDF that results in unexpected long execution times. This quadratic execution time blocks the current process and can even...

6.5CVSS6.7AI score0.00625EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to a Out-of-Bounds Read vulnerability in the nscrledecompressdata function. This vulnerability occurs because the function processes context-Planes without...

7.5CVSS6.7AI score0.01332EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp versions prior to 0.9.21 contain a buffer overflow in the xrdpmmchandatain function. There are no known workarounds for this issue. Users are advised to upgrade...

9.8CVSS8AI score0.00847EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41158

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room...

6.9CVSS5.8AI score0.00369EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/11 7:36 p.m.17 views

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. Example: gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d mermaid.parse is unaffected,...

5.3CVSS5.7AI score0.00384EPSS
Exploits0References7Affected Software1
Cisco
Cisco
added 2026/05/06 4:0 p.m.17 views

Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco 350 Series Managed Switches SG350 and Cisco 350X Series Stackable Managed Switches SG350X firmware could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...

7.7CVSS5.9AI score0.00389EPSS
Exploits0References1
Cisco
Cisco
added 2026/05/06 4:0 p.m.17 views

Cisco IoT Field Network Director Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial of service DoS conditions on managed routers. For more information about these...

7.7CVSS5.9AI score0.00272EPSS
Exploits0References1
Cisco
Cisco
added 2026/05/06 4:0 p.m.21 views

Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery SSRF attacks through an affected device. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco...

8.8CVSS6.2AI score0.00712EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:50 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jjwt-impl-0.11.5.jar which is vulnerable to CVE-2024-31033

Summary IBM Maximo Application Suite - Visual Inspection component uses jjwt-impl-0.11.5.jar which is vulnerable to CVE-2024-31033, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: JJWT aka Java JWT through...

6.8CVSS5.9AI score0.00776EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/22 12:16 a.m.6 views

CVE-2026-41126

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

4.3CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.13 views

PT-2026-34543

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::read request and read response call read to end on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets with max...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.11 views

PT-2026-34554

Impact HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to assert eq!history.len, positions.len. The proof object is derived from untrusted p2p responses ResponseTransactionsProof.proof and is therefore attacker-controlled at the network boundary until...

3.1CVSS5.8AI score0.00318EPSS
Exploits0References8
Rows per page
Query Builder