Lucene search
K

3364 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/30 9:12 p.m.4 views

CVE-2025-36335

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 9:12 p.m.8 views

EUVD-2025-209604

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 9:12 p.m.6 views

CVE-2025-36335 Vulnerabilities found

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 9:12 p.m.13 views

CVE-2025-36335

CVE-2025-36335 affects IBM watsonx.data intelligence releases 5.2.0, 5.2.1, 5.3.0, and 5.3.1. The root cause is that user credentials are stored in plain text, allowing a local user to read them. This leads to confidentiality impact (high) per the CVSS metrics, with access restricted to local con...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2026/04/30 1:21 a.m.9 views

[SECURITY] Fedora 43 Update: dokuwiki-20250514b-3.fc43

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creati ng documentation of any kind. It has a simple but powerful syntax which makes su re the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

7.5CVSS5.3AI score0.00452EPSS
Exploits1
Fedora
Fedora
added 2026/04/30 12:54 a.m.9 views

[SECURITY] Fedora 44 Update: dokuwiki-20250514b-5.fc44

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creati ng documentation of any kind. It has a simple but powerful syntax which makes su re the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

7.5CVSS5.3AI score0.00452EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

container 安全漏洞

Container is an open-source tool developed by Apple for creating and running Linux containers on Mac devices. Versions of Container prior to 0.12.3 have a security vulnerability. This vulnerability arises when connecting to hosts with domain names that bypass pattern matching, causing registry...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.3 views

PT-2026-36193

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.2.1 IBM watsonx.data intelligence versions 5.3.0 through 5.3.1 Description User credentials are stored in plain text, allowing a local user to read them. Recommendations At the moment, the...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References5
Fedora
Fedora
added 2026/04/25 1:52 a.m.14 views

[SECURITY] Fedora 44 Update: libgsasl-1.10.0-15.fc44

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...

8.1CVSS7.3AI score0.01091EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:7 a.m.6 views

CVE-2026-41319

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS6AI score0.00223EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.10 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013491)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013491 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is...

5.5CVSS6.5AI score0.00218EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/21 8:30 p.m.5 views

CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function loglogin of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

5.3CVSS5.5AI score0.00147EPSS
Exploits0References3
CISA
CISA
added 2026/04/20 12:0 p.m.17 views

​​Supply Chain Compromise Impacts Axios Node Package Manager​

The Cybersecurity and Infrastructure Security Agency CISA is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager npm.1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments...

6AI score
Exploits0References9
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/20 12:0 a.m.18 views

[20260518] - Core - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

9.8CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

Anviz CrossChex Standard 安全漏洞

Anviz CrossChex Standard is a centralized control software developed by Anviz Corporation in the United States, used for access control and attendance data management. Anviz CrossChex Standard has a security vulnerability. This vulnerability arises from the ability of attackers to manipulate the...

7.5CVSS5.8AI score0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 11:15 p.m.8 views

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS5.9AI score0.00419EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/15 11:15 p.m.32 views

CVE-2026-40193 Maddy Mail Server: LDAP Filter Injection via Unsanitized Username

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS0.00419EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/15 11:15 p.m.3 views

CVE-2026-40193 Maddy Mail Server: LDAP Filter Injection via Unsanitized Username

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS5.9AI score0.00419EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/04/15 11:15 p.m.2 views

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS5.9AI score0.00419EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/13 2:20 p.m.4 views

CVE-2025-66236 Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

5.8AI score0.00439EPSS
Exploits0References2
Rows per page
Query Builder