Lucene search
K

58712 matches found

OSV
OSV
added 2026/05/18 1:12 p.m.11 views

CLEANSTART-2026-IP78312 Security fixes for CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-pc3f-x583-g7j2 applied in versions: 2.19.2-r0, 2.19.2-r1, 2.19.2-r2, 2.19.2-r3

Multiple security vulnerabilities affect the rabbitmq-cluster-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

8.8CVSS7.2AI score0.00813EPSS
Exploits0References38
OSV
OSV
added 2026/05/18 1:2 p.m.7 views

CLEANSTART-2026-SA98061 Security fixes for CVE-2026-33186, CVE-2026-34986, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References14
OSV
OSV
added 2026/05/18 12:57 p.m.11 views

CLEANSTART-2026-CR00119 Security fixes for CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0, 1.19.1-r1

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References36
OSV
OSV
added 2026/05/18 5:48 a.m.5 views

BIT-MONGOOSE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.21 views

PT-2026-41794

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.51.2 Description In HTTP-mode deployments run as a shared multi-tenant service where ENABLE MULTI TENANT is set to true, the system selects the target n8n instance per-request using the x-n8n-url and x-n8n-key...

8.1CVSS6.5AI score0.00235EPSS
Exploits0References6
Veracode
Veracode
added 2026/05/16 5:4 a.m.6 views

Privilege Escalation

OpenClaw is vulnerable to Privilege Escalation. The vulnerability is due to improper permission enforcement in the gateway plugin HTTP authentication mechanism, where operator.read requests are incorrectly granted operator.write runtime permissions, allowing attackers to perform unauthorized writ...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 1:21 p.m.17 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2026-29111 DESCRIPTION: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spuriou...

9.9CVSS7.9AI score0.02591EPSS
Exploits9Affected Software1
Chainguard
Chainguard
added 2026/05/15 1:17 a.m.17 views

CVE-2026-33813 vulnerabilities

Vulnerabilities for packages: seaweedfs-rocksdb-fips, kubescape, rclone-fips, seaweedfs-fips, pdfcpu, gitea, gitea-fips, seaweedfs-operator-fips, rclone, ollama-fips, kubescape-server-fips, seaweedfs-rocksdb, mattermost-fips, bento-fips, mattermost, seaweedfs, kubescape-server, ollama, bento,...

7.5CVSS5.9AI score0.0034EPSS
Exploits0
Wolfi
Wolfi
added 2026/05/14 7:48 p.m.19 views

CVE-2026-44903 vulnerabilities

Vulnerabilities for packages: certificate-transparency, prometheus-pushgateway, istio, datadog-agent, keda, jaeger, opentelemetry-collector-contrib, minio-object-browser, mc, amazon-cloudwatch-agent-operator, node-problem-detector, telegraf, mcp-grafana, cloud-sql-proxy, trillian, metrics-server,...

6.1CVSS5.9AI score0.00182EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/14 6:46 p.m.12 views

CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

8.1CVSS5.9AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:46 p.m.57 views

CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

8.1CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 6:46 p.m.25 views

CVE-2026-44633

Live Helper Chat 4.84v REST API chat update endpoint is vulnerable: a REST user with lhchat/use can update a chat in a department they cannot read, accepting arbitrary chat object fields to alter hash and status and potentially tamper via visitor/widget paths. The same write primitive can set ope...

8.1CVSS5.9AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 6:16 p.m.20 views

CVE-2026-42334

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

7.5CVSS0.00274EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 6:3 p.m.9 views

CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 6:3 p.m.37 views

EUVD-2026-30349

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 6:3 p.m.19 views

CVE-2026-42334

Technical details about CVE-2026-42334 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 6:3 p.m.7 views

CVE-2026-42334

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 6:3 p.m.40 views

CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

7.5CVSS0.00274EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 10:0 a.m.16 views

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)

Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...

9.1CVSS5.9AI score0.00542EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/14 6:58 a.m.19 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1 The Zero Trust Workload Identity Manager ZTWIM is a day-2 operator. The operator manages lifecycle of operand components from SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9CVSS6.9AI score0.02667EPSS
Exploits0References4
Rows per page
Query Builder