15141 matches found

Nuclei
added yesterday, 61 views

Redash Setup Configuration - Default Secrets Disclosure

Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions 10.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both...

CVSS 8.1, AI score 6.6, EPSS 0.08017
Exploits: 1, References: 5
IBM Security Bulletins
added 3 days ago, 4 views

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Genius Hub

Summary The following dependency packages are being used by IBM Db2 Genius Hub: flatted-3.3.3.tgz, axios-1.15.1.tgz, immutable-4.0.0-rc.12.tgz, lodash-4.17.23.tgz, jspdf-3.0.2.tgz, swiper-11.2.10.tgz, picomatch-2.3.1.tgz, axios-1.12.2.tgz, router-1.23.0.tgz, minimatch-10.2.1.tgz, ...

CVSS 7.5, AI score 5.9, EPSS 0.00521
Exploits: 2, Affected Software: 1
OSV
added 3 days ago, 3 views

GHSA-PMCH-G965-GRMR Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a _validate_query defense-in-depth layer whose DANGEROUS_SQL_PATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pg_read_file, pg_stat_file, pg_ls_logdir, ...

CVSS 8.7, AI score 6.1
Exploits: 0, References: 3
Github Security Blog
added 3 days ago, 5 views

Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a _validate_query defense-in-depth layer whose DANGEROUS_SQL_PATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pg_read_file, pg_stat_file, pg_ls_logdir, ...

AI score 6.1
Exploits: 0, References: 3, Affected Software: 1
IBM Security Bulletins
added 3 days ago, 3 views

Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in the IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the versions of the affected libraries. Vulnerability Details CVEID: CVE-2026-39824 DESCRIPTION: ...

CVSS 9.3, AI score 6.4, EPSS 0.00492
Exploits: 2, Affected Software: 1
Nuclei
added 3 days ago, 92 views

Citrix StoreFront - Cross-Site Scripting

Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow. id: CVE-2023-5914 info: name: Citrix StoreFront - Cross-Site Scripting author: DhiyaneshDK...

CVSS 7.2, AI score 6.5, EPSS 0.73142
Exploits: 0, References: 4
Securelist
added 3 days ago, 7 views

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis...

AI score 6.6
Exploits: 0
Positive Technologies
added 3 days ago, 6 views

PT-2026-55461

Summary SQLChatAgent in langroid ships a _validate_query defense-in-depth layer whose DANGEROUS_SQL_PATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pg_read_file, pg_stat_file, pg_ls_logdir...

CVSS 8.7, AI score 6.2
Exploits: 0, References: 4
Positive Technologies
added 3 days ago, 5 views

PT-2026-55407

Summary SQLChatAgent in langroid ships a _validate_query defense-in-depth layer whose DANGEROUS_SQL_PATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pg_read_file, pg_stat_file, pg_ls_logdir...

CVSS 8.7, AI score 6.2
Exploits: 0, References: 4
IBM Security Bulletins
added 5 days ago, 3 views

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities

Summary IBM Event Endpoint Management is affected by multiple vulnerabilities which are fixed in IBM Event Endpoint Management version 11.8.0. Vulnerability Details CVEID: CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma:...

CVSS 9.4, AI score 5.9, EPSS 0.00517
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 5 days ago, 3 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities

Summary IBM Event Streams is affected by multiple vulnerabilities which are addressed in IBM Event Streams version 13.0.0. Vulnerability Details CVEID: CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An...

CVSS 8.7, AI score 5.8, EPSS 0.01535
Exploits: 3, Affected Software: 1
OSV
added 5 days ago, 4 views

RHSA-2026:33371 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update

Bulletin has no description...

CVSS 9.6, AI score 6.9, EPSS 0.0217
Exploits: 8, References: 68
IBM Security Bulletins
added 5 days ago, 5 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0. Vulnerability Details CVEID: CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application...

CVSS 8.7, AI score 6.8, EPSS 0.01125
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 5 days ago, 4 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses pdfminer_six-20251107-py3-none-any.whl, requests-2.32.5-py3-none-any.whl, langchain_core-0.3.81-py3-none-any.whl, python_dotenv-1.0.1-py3-none-any.whl, langchain_text_splitters-0.3.11-py3-none-any.whl, qs-6.15.1.tgz, idna-3.10-py3-none-any.whl, idna-3.14-py3-none-any.whl...

CVSS 6.9, AI score 6, EPSS 0.00408
Exploits: 3, Affected Software: 1
RedHat Linux
added 5 days ago, 6 views

qs: Denial of Service via improper input validation in array parsing

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

CVSS 6.3, AI score 6.7, EPSS 0.0041
Exploits: 1, References: 6
IBM Security Bulletins
added 6 days ago, 4 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are affected by a vulnerability in qs

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are affected by a vulnerability in qs (CVE-2026-2391). The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for...

CVSS 7.5, AI score 5.8, EPSS 0.00478
Exploits: 1, Affected Software: 2
IBM Security Bulletins
added 6 days ago, 5 views

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.18 shipped with IBM Business Automation Workflow containers June 2026

Summary IBM Business Automation Workflow containers include IBM Cloud Pak foundational services. IBM Business Automation Workflow containers June 2026 security fixes update this dependency beyond 4.18 to address security vulnerabilities. Vulnerability Details CVEID: CVE-2024-45310 DESCRIPTION: run...

CVSS 9.8, AI score 7.2, EPSS 0.01945
Exploits: 4, Affected Software: 2
IBM Security Bulletins
added 6 days ago, 5 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes June 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID: CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structure...

CVSS 9.8, AI score 8, EPSS 0.01735
Exploits: 1, Affected Software: 2
IBM Security Bulletins
added 6 days ago, 6 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation released in June 2026. Vulnerability Details CVEID: CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...

CVSS 9.8, AI score 8.2, EPSS 0.01815
Exploits: 5, Affected Software: 2
IBM Security Bulletins
added 6 days ago, 6 views

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.18.0 shipped with IBM Cloud Pak for Business Automation iFixes for June 2026

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation June 2026 security fixes update this dependency beyond 4.18.0 to address security vulnerabilities. Vulnerability Details CVEID: CVE-2024-45310 DESCRIPTION: runc is a CL...

CVSS 9.8, AI score 8.4, EPSS 0.01945
Exploits: 4, Affected Software: 2