Lucene search
+L

1298 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.47 views

Low: Red Hat Security Advisory: NetworkManager security update

An update for NetworkManager is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 11:55 a.m.5 views

SUSE-SU-2026:2008-1 Security update for haveged

This update for haveged fixes the following issue - CVE-2026-41054: missing exit out of permission check could lead to root exploit bsc1264086. Changes for haveged: - Improvements on the linux kernel random subsystem have made move forward to socket communication within private network - Fix 'sto...

7.8CVSS5.8AI score0.00185EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/18 7:0 p.m.8 views

CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4CVSS5.8AI score0.0033EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/18 7:0 p.m.11 views

EUVD-2026-30795

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

7.4CVSS5.8AI score0.0033EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/05/16 10:6 p.m.126 views

Exploit for Classic Buffer Overflow in Cisco Adaptive_Security_Appliance_Software

CVE-2025-20333 Scanner A Python-based diagnostic scanner for...

9.9CVSS8AI score0.40391EPSS
Exploits1
EUVD
EUVD
added 2026/05/15 8:37 p.m.18 views

EUVD-2026-30631

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS5.8AI score0.003EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 3:16 p.m.23 views

CVE-2026-42559

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...

8.8CVSS0.00213EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/13 9:32 p.m.13 views

EUVD-2026-30099

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

8.6CVSS5.8AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 7:16 p.m.17 views

CVE-2026-0248

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

8.6CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:5 p.m.8 views

CVE-2026-0248

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

8.6CVSS5.8AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 6:15 p.m.75 views

CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...

7.8CVSS5.8AI score0.86678EPSS
Exploits11References1
GithubExploit
GithubExploit
added 2026/05/12 11:0 p.m.107 views

Exploit for Improper Input Validation in Microsoft

monikerlinktest cve-2024-21413 1. set up tun0 on router via o...

9.8CVSS6AI score0.9466EPSS
Exploits23
ICS
ICS
added 2026/05/12 7:0 a.m.36 views

Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

7.5CVSS5.9AI score0.00125EPSS
Exploits0References11
ICS
ICS
added 2026/05/12 6:0 a.m.23 views

Subnet Solutions PowerSYSTEM Center

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

5.8AI score
Exploits0References13
ICS
ICS
added 2026/05/12 12:0 a.m.15 views

Siemens SIMATIC

SUMMARY SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general...

6.7AI score
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.13 views

CVE-2026-44284

FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...

6.3CVSS5.8AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.14 views

EUVD-2026-29145

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...

5CVSS5.8AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/11 4:46 p.m.38 views

CVE-2026-45000 OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...

5CVSS0.00246EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/11 4:46 p.m.8 views

CVE-2026-45000 OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...

5CVSS5.8AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 4:46 p.m.4 views

CVE-2026-45000 OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...

2.3CVSS6AI score0.00246EPSS
Exploits0References6
Rows per page
Query Builder