Lucene search
K

126923 matches found

F5 Networks
F5 Networks
added 2026/06/22 5:7 p.m.6 views

K000161732: PostgreSQL vulnerabilities CVE-2026-2004, CVE-2026-2005, and CVE-2026-2006

Security Advisory Description CVE-2026-2004 Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16...

8.8CVSS6.7AI score0.01208EPSS
Exploits3Affected Software1
F5 Networks
F5 Networks
added 2026/06/22 4:47 p.m.7 views

K000161730: PostgreSQL vulnerability CVE-2026-2003

Security Advisory Description Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Version...

4.3CVSS5.7AI score0.00281EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2026/06/22 4:29 p.m.20 views

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...

6.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 4:22 p.m.3 views

Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Due to the use of IBM® Runtime Environment Java™, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to multiple vulnerabilities. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have updated the...

8.7CVSS7.5AI score0.00702EPSS
Exploits1Affected Software2
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

DEBIAN-CVE-2026-54264

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

6.1CVSS6AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-54264

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS0.00226EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS0.00406EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 4:16 p.m.2 views

DEBIAN-CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score0.00406EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 4:16 p.m.7 views

UBUNTU-CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 4:16 p.m.4 views

UBUNTU-CVE-2026-54264

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 4:13 p.m.5 views

Security Bulletin: Critical XXE Vulnerability in Apache Tika Affecting Content Collector for Email, File Systems, and Microsoft SharePoint (CVE-2025-66516)

Summary Critical XML External Entity in Apache Tika on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party...

9.8CVSS7.3AI score0.79807EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 3:38 p.m.26 views

Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System

Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the...

7.5CVSS6.1AI score0.00478EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/22 3:32 p.m.8 views

EUVD-2026-38274

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS6AI score0.00226EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 3:32 p.m.4 views

CVE-2026-54264 Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS6AI score0.00226EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:32 p.m.4 views

CVE-2026-54264

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS6AI score0.00226EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:32 p.m.33 views

CVE-2026-54264 Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS0.00226EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/22 3:32 p.m.7 views

CVE-2026-54264

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS5.9AI score0.00226EPSS
Exploits0
CVE
CVE
added 2026/06/22 3:32 p.m.19 views

CVE-2026-54264

Angular’s @angular/service-worker contains an information-disclosure flaw prior to versions 22.0.1, 21.2.17, and 20.3.25. When the Service Worker fetches assets, it preserves request headers; on cross-origin redirects it does not strip sensitive headers, potentially exposing credentials (e.g., Au...

8.3CVSS6AI score0.00226EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 2:33 p.m.3 views

Security Bulletin: Multiple Vulnerabilities in watsonx.data

Summary Multiple vulnerabilities were addressed in watsonx.data 2.3.1 patch 6 version, which was present in different version from watson.data 2.3.1 to watsonx.dat 2.3.1 Patch 5 Vulnerability Details CVEID:CVE-2026-0621 DESCRIPTION: Anthropic's MCP TypeScript SDK versions up to and including 1.25...

9.6CVSS7AI score0.01068EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 2:32 p.m.3 views

Security Bulletin: Multiple Vulnerabilities in watsonx.data

Summary Multiple vulnerabilities were addressed in watsonx.data 2.3.1 patch 6 version, which was present in different version from watson.data 2.3.1 to watsonx.dat 2.3.1 Patch 5 Vulnerability Details CVEID:CVE-2025-15558 DESCRIPTION: Docker CLI for Windows searches for plugin binaries in...

9.2CVSS7.9AI score0.02058EPSS
Exploits6Affected Software1
Rows per page
Query Builder