Lucene search
+L

259 matches found

OSV
OSV
added 4 days ago4 views

JLSEC-2026-670

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificateverify message from the handshake, and never present a certificate...

7.5CVSS7AI score0.01352EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57985

Name of the Vulnerable Software and Affected Versions Eclipse KUKSA Databroker version 0.6.1 Description The kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional data point field in PublishValueRequest. If a request includes a valid signal id but omits data...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 3:54 p.m.6 views

EUVD-2026-40353

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS5.8AI score0.00412EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53988

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A UI misrepresentation issue allows an OAuth application to obtain unauthorized access to organization runner management. An attacker can exploit this by creating an OAuth application...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References14
CVE
CVE
added 2026/06/23 7:53 p.m.16 views

CVE-2026-11819

The CVE-2026-11819 issue affects the Ansible community.general keyring_info module. The module reads a passphrase from the OS keyring and writes it directly to result["passphrase"] without output suppression. Root cause shows protected input variable (line with no_log=True) but unprotected output...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.13 views

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.19, prior to 5.19.2. The file fs/ksmbd/smb2pdu.c omits a kfree call in certain error conditions during the smb2handlenegotiate process, resulting in a memory leak...

7.5CVSS6.7AI score0.04906EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:52 a.m.43 views

CVE-2026-11718

The CVE-2026-11718 entry concerns an authentication bypass in googleapis/mcp-toolbox: during opaque-token validation via an OAuth 2.0 introspection endpoint, the code decodes the response and checks issuer with the condition a.issuer != "" && iss != "". If the introspection response omits iss, is...

9.3CVSS5.4AI score0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49563

Name of the Vulnerable Software and Affected Versions @angular/service-worker versions prior to 19.2.23 @angular/service-worker versions prior to 20.3.22 @angular/service-worker versions prior to 21.2.15 @angular/service-worker versions prior to 22.0.0-rc.2 Description An issue in the...

5.7CVSS5.8AI score0.0015EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/02 10:15 p.m.12 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

9.1CVSS5.3AI score0.00369EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:28 p.m.9 views

CVE-2026-47675

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite an...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.12 views

Atlassian Jira Service Management Data Center and Server 10.0.0 < 10.3.7 / 10.4.0 < 11.3.5 (JSDSERVER-16588)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16588 advisory. - This Security Headers Omission vulnerability allows an unauthenticated attacker to receive responses...

9.1CVSS7.3AI score0.0048EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/27 7:20 p.m.11 views

CVE-2026-44681 Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.00249EPSS
Exploits1References1
OSV
OSV
added 2026/05/26 5:16 p.m.4 views

CVE-2026-48901

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

7.5CVSS5.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 6:37 p.m.12 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/19 12:59 p.m.48 views

CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS0.00941EPSS
Exploits3References4
OSV
OSV
added 2026/05/16 10:16 p.m.8 views

DEBIAN-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.8CVSS5.8AI score0.00127EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/16 10:16 p.m.11 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.8CVSS5.8AI score0.00127EPSS
Exploits1References3
OSV
OSV
added 2026/05/16 10:16 p.m.10 views

UBUNTU-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.8CVSS5.8AI score0.00127EPSS
Exploits1References4
OSV
OSV
added 2026/05/16 9:26 p.m.3 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.9AI score0.00127EPSS
Exploits1References4
Rows per page
Query Builder