Lucene search
K

26 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 6:7 a.m.7 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Eclipse Netty and Eclipse Vert.x Vulnerability Details CVEID:CVE-2026-45416 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and...

10CVSS5.7AI score0.00606EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47589

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

6.8CVSS5.5AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:16 p.m.3 views

CVE-2026-40112

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...

5.4CVSS6AI score0.00216EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/19 9:22 p.m.4 views

GHSA-VFX2-HV2G-XJ5F Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR

An Open Redirect vulnerability exists in @angular/ssr due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes e.g., ///, the internal validation logic fails to account for a single backslash \ bypass. When an Angular SSR application is...

6.9CVSS5.7AI score0.00255EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/19 7:41 p.m.11 views

OpenClaw replaced a deprecated sandbox hash algorithm

Affected Packages / Versions - npm package: openclaw - Affected versions: = 2026.2.14 - Fixed version pre-set: 2026.2.15 Description The sandbox identifier cache key for Docker/browser sandbox configuration used SHA-1 to hash normalized configuration payloads. SHA-1 is deprecated for cryptographi...

9.1CVSS5.7AI score0.00179EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 5:27 p.m.4 views

CVE-2026-25805 Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...

6.4CVSS5.6AI score0.00239EPSS
Exploits1References1
OSV
OSV
added 2026/02/02 5:31 p.m.4 views

GHSA-6WHJ-7QMG-86QJ Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning

Summary An IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion...

5.4CVSS5.7AI score0.00361EPSS
Exploits1References5
Amazon
Amazon
added 2025/12/08 12:0 a.m.5 views

Medium: bind

Issue Overview: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12,...

8.6CVSS6AI score0.00509EPSS
Exploits1
NVD
NVD
added 2025/10/27 8:15 p.m.6 views

CVE-2025-59151

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...

8.2CVSS0.00398EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/22 4:4 p.m.5 views

CVE-2025-40780

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

8.6CVSS6.4AI score0.00454EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/10/22 12:28 p.m.1 views

CVE-2025-11411

NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...

7.1CVSS6.4AI score0.00311EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2020-9422

Malware in sbrugna...

5.3CVSS5.4AI score0.02072EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0158

Malware in sbrugna...

8.2CVSS6.1AI score0.02587EPSS
Exploits0References19
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6969

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00738EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-47902

Malicious code in bioql PyPI...

9.3CVSS6.6AI score0.00595EPSS
Exploits0References1
OSV
OSV
added 2025/09/12 6:15 a.m.4 views

DEBIAN-CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7AI score0.00466EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2014-4883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS...

4.3CVSS5.8AI score0.00572EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-38522

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for...

7.5CVSS7.1AI score0.00987EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:33 p.m.8 views

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

7.5CVSS6.9AI score0.01262EPSS
Exploits0
OSV
OSV
added 2025/02/26 7:1 a.m.3 views

UBUNTU-CVE-2022-49611

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly i...

5.5CVSS6.2AI score0.00276EPSS
Exploits0References10
Rows per page
Query Builder