Lucene search
K

170 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 3:1 a.m.11 views

CVE-2026-50229

A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting XSS, allows a remote attacker to inject malicious scripts into the 'number guess example' web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to...

6.1CVSS5.8AI score0.00455EPSS
Exploits1References4
OSV
OSV
added 2026/05/29 10:17 p.m.6 views

GHSA-W7PM-9G55-MXFM stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment

Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...

7.3CVSS5.9AI score
Exploits0References5
Cvelist
Cvelist
added 2026/05/26 9:3 p.m.33 views

CVE-2026-45574 epa4all-client: TLS Certificate Validation Disabled in Production

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 9:3 p.m.13 views

CVE-2026-45574 epa4all-client: TLS Certificate Validation Disabled in Production

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS5.8AI score0.00138EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 6:29 p.m.8 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to disabled TLS certificate validation in production environments. An attacker can intercept sensitive SOAP traffic, including patient identifiers, authentication operations, document content, and...

8.6CVSS5.5AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 9:37 a.m.73 views

CVE-2025-8325 Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

6.3CVSS0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.19 views

PT-2026-39584

Name of the Vulnerable Software and Affected Versions WSO2 APIM versions 3.x Description The software fails to enforce role-based access controls for certain Gateway API and Internal Service API invocations. Users assigned the 'Internal/Everyone' role can invoke these APIs, bypassing intended...

8.8CVSS5.8AI score0.00174EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/04/20 11:30 a.m.8 views

Why Most AI Deployments Stall After the Demo

The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/14 11:14 p.m.7 views

GHSA-PM7Q-RJJX-979P Oxia exposes bearer token in debug log messages on authentication failure

Summary When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact An attacker with access to application logs e.g., via a...

8.7CVSS5.9AI score0.00308EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest - which may be files that they have also...

9.3CVSS6AI score0.00402EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.13 views

Siemens SINEC Security Monitor 安全漏洞

SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production at customer premises. Siemens SINEC Security Monitor suffers from an information disclosure vulnerability that can be exploited by attackers to obtain...

5.3CVSS5.8AI score0.00259EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/03/04 12:0 a.m.5 views

The vulnerability of the Production Environment module of the Netmake ScriptCase platform for developing web applications in PHP language allows a hacker to bypass the administrator password.

The vulnerability of the Production Environment module of the Netmake ScriptCase platform for developing web applications in PHP is related to errors in the representation of certain functions. Exploiting this vulnerability can allow a malicious actor to bypass the administrator’s password by...

7.8CVSS7.6AI score0.01955EPSS
Exploits5References4
OSV
OSV
added 2026/02/27 4:3 p.m.4 views

GHSA-R492-HJGH-C9GW Vitess users with backup storage access can write to arbitrary file paths on restore

Impact Anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...

9.3CVSS6.1AI score0.00402EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/27 4:3 p.m.12 views

Vitess users with backup storage access can write to arbitrary file paths on restore

Impact Anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...

9.3CVSS6.1AI score0.00402EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/02/26 2:16 a.m.11 views

CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

9.3CVSS0.00402EPSS
Exploits0References3
CVE
CVE
added 2026/02/26 1:49 a.m.31 views

CVE-2026-27965

Vitess CVE-2026-27965 affects versions older than 23.0.3 and 22.0.4, where read/write access to backup storage (e.g., S3) lets an attacker modify backup manifest files and cause arbitrary code to run when the backup is restored, potentially gaining unauthorized access to production. A patch exist...

9.9CVSS5.8AI score0.00417EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/26 1:49 a.m.5 views

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

8.4CVSS6.2AI score0.00417EPSS
Exploits0References6
Qualys Blog
Qualys Blog
added 2026/02/04 5:0 p.m.9 views

TruConfirm: Autonomous, Agent-Led, Safe Exploit Validation for Real-World Risk Reduction

Key Takeaways CISOs still can’t answer the only question that matters: Is this exposure exploitable on this asset, in our production environment, against our controls, right now? The vulnerability firehose broke the old model: With 48,177 CVEs published in 2025, “critical” lists are too large to...

5.8AI score
Exploits0
NVD
NVD
added 2026/01/23 9:15 p.m.10 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

9.4CVSS0.00413EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.8 views

PT-2026-1700

Name of the Vulnerable Software and Affected Versions WebConsole affected versions not specified Description The Report Builder component stores user input directly into a web page and displays it to other users, potentially leading to a Cross-Site Scripting XSS attack. The scripts are executed...

5.4CVSS5.6AI score0.00149EPSS
Exploits0References5
Rows per page
Query Builder