Lucene search

161024 matches found

Tenable Nessus, added 2026/06/24 12:0 a.m.

RHEL 10 : kpatch-patch-6_12_0-211_16_1 (RHSA-2026:28742)

The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:28742 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module...

CVSS 9.8 | AI score 6.1 | EPSS 0.00563 | Exploits 0 | References 5
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-44727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under...

CVSS 9.3 | AI score 5.8 | EPSS 0.00227 | Exploits 0 | References 3
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-8925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability exists due to a double-free error occurring within the SASL authentication code path. CVE-2026-8925 Note that Nessus relies on the presence of...

AI score 5.9 | Exploits 0 | References 3
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-8286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live...

AI score 5.8 | Exploits 0 | References 3
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-9080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - Calling curl_easy_pause within the event-based CURLMOPT_SOCKETFUNCTION callback triggers a use-after-free vulnerability,...

AI score 5.8 | Exploits 0 | References 3
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-9545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second...

AI score 5.6 | Exploits 0 | References 3
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-8927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fai...

AI score 5.8 | Exploits 0 | References 3
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-9547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPT_SSH_KEYFUNCTION...

AI score 5.8 | Exploits 0 | References 3
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-9079

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - libcurl had a flaw where, when instructed to clear proxy authentication credentials, it did not do so, leaving the...

AI score 5.8 | Exploits 0 | References 3
Tenable Nessus, added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-8924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - curl - None Ubuntu Linux - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffi...

AI score 5.8 | Exploits 0 | References 3
NVD, added 2026/06/23 11:16 p.m.

CVE-2026-48493

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

CVSS 5.5 | EPSS 0.00182 | Exploits 0 | References 2
Github Security Blog, added 2026/06/23 10:12 p.m.

Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Impact: A user with only users.edit AND api permissions can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. Patches: Patched in...

CVSS 5.5 | AI score 5.8 | EPSS 0.00182 | Exploits 0 | References 3 | Affected software 1
Cvelist, added 2026/06/23 10:11 p.m.

CVE-2026-48493 Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

CVSS 5.5 | EPSS 0.00182 | Exploits 0 | References 2
ATTACKERKB, added 2026/06/23 10:11 p.m.

CVE-2026-48493

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

CVSS 5.5 | AI score 5.8 | EPSS 0.00182 | Exploits 0 | References 3 | Affected software 1
CVE, added 2026/06/23 10:11 p.m.

CVE-2026-48493

Snipe-IT (IT asset/license management) is affected by CVE-2026-48493 through a privilege-escalation flaw in versions prior to 8.6.0. A user with only users.edit can PATCH /api/v1/users/{their_own_id} to grant themselves any permission except admin/superuser (e.g., assets.view, assets.create, repo...

CVSS 5.5 | AI score 5.8 | EPSS 0.00182 | Exploits 0 | References 2 | Affected software 1
Github Security Blog, added 2026/06/23 9:23 p.m.

jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

Summary: In BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block triggered by...

CVSS 5.3 | AI score 5.8 | EPSS 0.00345 | Exploits 0 | References 6 | Affected software 2
OSV, added 2026/06/23 9:21 p.m.

GHSA-3WRR-7QPF-2PRH jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

Impact: Potential denial of service when an attacker sends deeply nested JSON, if and only if the service: 1. reads deeply nested JSON (thousands of levels) as a JsonNode via ObjectMapper.readTree; 2. writes out the same or a modified node using JsonNode.toString, which can consume a significant amount of resources with...

CVSS 6.3 | AI score 5.8 | EPSS 0.00616 | Exploits 1 | References 4
CVE, added 2026/06/23 8:12 p.m.

CVE-2026-47386

CVE-2026-47386 affects NocoDB’s OAuth token-exchange flow. Before 2026.05.1, two concurrent token-exchange requests could use the same OAuth authorization code to mint two valid token pairs, breaking PKCE’s single-use guarantee. The issue is mitigated by a fix in 2026.05.1, which introduces atomi...

CVSS 6.3 | AI score 5.9 | EPSS 0.00197 | Exploits 0 | References 1
Vulnrichment, added 2026/06/23 7:13 p.m.

CVE-2026-53622 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

CVSS 7.8 | AI score 5.9 | EPSS 0.0024 | Exploits 1 | References 2
OSV, added 2026/06/23 5:48 p.m.

ROOT-APP-NPM-GHSA-8H8Q-6873-Q5FJ GHSA-8h8q-6873-q5fj in @rootio/next - Patched by Root

Root has patched GHSA-8h8q-6873-q5fj in the @rootio/next package for Root:npm. Multiple fixed versions available...

AI score 5.8 | Exploits 0