Lucene search
K

117944 matches found

IBM Security Bulletins
IBM Security Bulletins
added 3 days ago5 views

Security Bulletin: IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow (CVE-2026-13473)

Summary IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow due to unchecked string copy operations in IBM Storage Protect Snapshot for Windows Standalone Configuration. Vulnerability Details CVEID:CVE-2026-13473 DESCRIPTION: IBM Storage Protect is vulnerable to a heap-based...

6.5AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 3 days ago9 views

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 3 days ago35 views

patchtriage

PatchTriage !CIhttps://github.com/d01ki/patchtriage/actio...

7.2CVSS6.7AI score0.2241EPSS
Exploits3
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-55170

A flaw was found in OpenFGA, an authorization/permission engine. When using MySQL as the datastore, and authorization decisions depend on case-sensitive user strings, the system may incorrectly treat case-distinct values e.g., 'user:Alice' and 'user:alice' as equivalent. This can lead to improper...

5.4CVSS6AI score0.00341EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago3 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v...

9.3CVSS6.2AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago3 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-40181 DESCRIPTION: React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3,...

9.3CVSS6.2AI score0.00745EPSS
Exploits3Affected Software1
The Hacker News
The Hacker News
added 3 days ago7 views

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no logi...

9.2CVSS6.3AI score0.03225EPSS
Exploits3
The Hacker News
The Hacker News
added 3 days ago5 views

From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale

Most enterprises assume their asset inventory is close enough to accurate. The evidence suggests otherwise. According to a survey of over 600 security leaders in the 2026 Axonius Actionability Report, only 45% of organizations consolidate their asset and exposure data into a single view, and ever...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 3 days ago7 views

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4...

6.1AI score
Exploits0
F5 Networks
F5 Networks
added 3 days ago3 views

K000162184: Spring Kafka vulnerability CVE-2026-41727

Security Advisory Description Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retrytopic-attempts header to supply an out-of-range attempt count and cause the retry topic...

6.5CVSS6.1AI score0.0024EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago3 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IF2 Vulnerability Details CVEID:CVE-2026-8368 DESCRIPTION: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response...

9.8CVSS6.6AI score0.00695EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 3 days ago4 views

K000162183: Spring web services vulnerability CVE-2026-40996

Security Advisory Description Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators...

4.8CVSS6.1AI score0.00129EPSS
Exploits0
F5 Networks
F5 Networks
added 3 days ago4 views

K000162182: Spring Expression Language (SpEL) vulnerability CVE-2026-41850

Security Advisory Description Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading...

7.5CVSS6.1AI score0.0036EPSS
Exploits0
F5 Networks
F5 Networks
added 3 days ago3 views

K000162181: Spring Framework vulnerability CVE-2026-41841

Security Advisory Description Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41841 Impact Ther...

5.9CVSS6.1AI score0.00313EPSS
Exploits0
F5 Networks
F5 Networks
added 3 days ago3 views

K000162180: Spring WebFlux vulnerability CVE-2026-41840

Security Advisory Description Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48. CVE-2026-41840 Impact There is n...

5.9CVSS6.1AI score0.00247EPSS
Exploits0
F5 Networks
F5 Networks
added 3 days ago5 views

K000162179: Spring for GraphQL vulnerability CVE-2026-41700

Security Advisory Description Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with...

8.1CVSS6.3AI score0.00182EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago3 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

9.9CVSS7.5AI score0.27095EPSS
Exploits9Affected Software1
F5 Networks
F5 Networks
added 3 days ago4 views

K000162177: Spring Framework vulnerability CVE-2026-41699

Security Advisory Description Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and...

9.8CVSS6.2AI score0.0043EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to pyOpenSSL

Summary pyOpenSSL is used by IBM Cloud Pak for Data System 1.0 as a Python wrapper around the OpenSSL library for TLS/SSL functionality. Multiple vulnerabilities affect pyOpenSSL. CVE-2026-27448 involves improper handling of unhandled exceptions in the settlsextservernamecallback callback, which...

9.8CVSS6.2AI score0.00704EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 3 days ago4 views

K000162176: Spring authorization server vulnerability CVE-2026-22752

Security Advisory Description The cve record for the cve id does not exist. CVE-2026-22752 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...

6.1AI score
Exploits0
Rows per page
Query Builder