
161041 matches found

Source: Tenable Nessus (added 2026/06/24 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2026-50221

The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device...

CVSS 5.4 | AI score 6 | EPSS 0.00146 | Exploits 1 | References 3
Source: Tenable Nessus (added 2026/06/24 12:00 a.m.)

Zimbra Collaboration Server < 8.8.15 Patch 7 Server-Side Request Forgery Vulnerability

According to its self-reported version number, Zimbra Collaboration Server is affected by a server-side request forgery vulnerability: - Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when the WebEx zimlet is installed and zimlet JSP is enabled (CVE-2020-7796). Note that Nessus has no...

CVSS 9.8 | AI score 7.5 | EPSS 0.85416 | Exploits 0 | References 2
Source: Tenable Nessus (added 2026/06/24 12:00 a.m.)

RHEL 9 : kpatch-patch-5_14_0-570_116_1, kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, kpatch-patch-5_14_0-570_66_1, and kpatch-patch-5_14_0-570_94_1 (RHSA-2026:28740)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability referenced in the RHSA-2026:28740 advisory. This is a kernel live patch module, loaded by the kpatch command-line utility to modify the code of a running kernel. This patch module ...

CVSS 9.8 | AI score 6.1 | EPSS 0.00563 | Exploits 0 | References 5
Source: Tenable Nessus (added 2026/06/24 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2026-44727

The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under...

CVSS 9.3 | AI score 5.8 | EPSS 0.00227 | Exploits 0 | References 3
Source: Positive Technologies (added 2026/06/24 12:00 a.m.)

PT-2026-51612

Name of the vulnerable software and affected versions: Style Dictionary versions 4.3.0 through 5.4.3. Description: Style Dictionary contains a prototype pollution issue within the convertTokenData function. Prototype pollution occurs when an attacker manipulates the __proto__ property of a JavaScript...

CVSS 8.8 | AI score 5.8 | EPSS 0.00132 | Exploits 0 | References 9
Source: Tenable Nessus (added 2026/06/24 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2026-50019

The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked t...

CVSS 7.4 | AI score 5.8 | EPSS 0.00268 | Exploits 0 | References 3
Source: Tenable Nessus (added 2026/06/24 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2026-12064

The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - Debian Linux - curl - None; Ubuntu Linux - When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between...

AI score 5.9 | Exploits 0 | References 3
Source: Tenable Nessus (added 2026/06/24 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2026-8927

The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - Debian Linux - curl - None; Ubuntu Linux - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fai...

AI score 5.8 | Exploits 0 | References 3
Source: Tenable Nessus (added 2026/06/24 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2026-52921

The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - netfilter: ipset: stop hash: range iteration at end. The following hash set variants: hash:ip,mark, hash:ip,port, hash:ip,port,ip, hash:ip,port,net iterate IPv4...

AI score 5.8 | EPSS 0.00164 | Exploits 0 | References 4
Source: NVD (added 2026/06/23 11:16 p.m.)

CVE-2026-48493

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

CVSS 5.5 | EPSS 0.00182 | Exploits 0 | References 2
Source: GitHub Security Blog (added 2026/06/23 10:12 p.m.)

Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Impact: A user with only users.edit AND api permissions can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. Patches: Patched in...

CVSS 5.5 | AI score 5.8 | EPSS 0.00182 | Exploits 0 | References 3 | Affected Software 1
Source: Cvelist (added 2026/06/23 10:11 p.m.)

CVE-2026-48493 Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

CVSS 5.5 | EPSS 0.00182 | Exploits 0 | References 2
Source: AttackerKB (added 2026/06/23 10:11 p.m.)

CVE-2026-48493

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

CVSS 5.5 | AI score 5.8 | EPSS 0.00182 | Exploits 0 | References 3 | Affected Software 1
Source: CVE (added 2026/06/23 10:11 p.m.)

CVE-2026-48493

Snipe-IT (IT asset/license management) is affected by CVE-2026-48493 through a privilege-escalation flaw in versions prior to 8.6.0. A user with only users.edit can PATCH /api/v1/users/{their_own_id} to grant themselves any permission except admin/superuser (e.g., assets.view, assets.create, repo...

CVSS 5.5 | AI score 5.8 | EPSS 0.00182 | Exploits 0 | References 2 | Affected Software 1
Source: GitHub Security Blog (added 2026/06/23 9:23 p.m.)

jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

Summary: In BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block triggered by...

CVSS 5.3 | AI score 5.8 | EPSS 0.00345 | Exploits 0 | References 6 | Affected Software 2
Source: OSV (added 2026/06/23 9:21 p.m.)

GHSA-3WRR-7QPF-2PRH jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

Impact: Potential denial of service when an attacker sends deeply nested JSON, if and only if the service: 1. reads deeply nested (thousands of levels) JSON as a JsonNode via ObjectMapper.readTree, and 2. writes out the same or a modified node using JsonNode.toString, which can consume a significant amount of resources with...

CVSS 6.3 | AI score 5.8 | EPSS 0.00616 | Exploits 1 | References 4
Source: CVE (added 2026/06/23 8:12 p.m.)

CVE-2026-47386

CVE-2026-47386 affects NocoDB’s OAuth token-exchange flow. Before 2026.05.1, two concurrent token-exchange requests could use the same OAuth authorization code to mint two valid token pairs, breaking PKCE’s single-use guarantee. The issue is mitigated by a fix in 2026.05.1, which introduces atomi...

CVSS 6.3 | AI score 5.9 | EPSS 0.00197 | Exploits 0 | References 1
Source: Vulnrichment (added 2026/06/23 7:13 p.m.)

CVE-2026-53622 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

CVSS 7.8 | AI score 5.9 | EPSS 0.0024 | Exploits 1 | References 2
Source: OSV (added 2026/06/23 5:48 p.m.)

ROOT-APP-NPM-GHSA-8H8Q-6873-Q5FJ GHSA-8h8q-6873-q5fj in @rootio/next - Patched by Root

Root has patched GHSA-8h8q-6873-q5fj in the @rootio/next package for Root:npm. Multiple fixed versions available...

AI score 5.8 | Exploits 0
Source: OSV (added 2026/06/23 5:48 p.m.)

ROOT-APP-NPM-CVE-2026-44573 CVE-2026-44573 in @rootio/next - Patched by Root

Root has patched CVE-2026-44573 in the @rootio/next package for Root:npm. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.00457 | Exploits 1