Lucene search
K

11104 matches found

NVD
NVD
added 2026/06/02 11:16 p.m.16 views

CVE-2026-10718

Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation...

4.6CVSS0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:19 p.m.8 views

CVE-2026-10718

Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation...

4.6CVSS5.8AI score0.00114EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/02 7:9 p.m.10 views

EUVD-2026-34016

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:9 p.m.10 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/02 4:59 p.m.36 views

CVE-2026-33244

CVE-2026-33244 affects React Router in versions 7.5.1–7.13.1 when using Framework Mode with pre-rendering enabled. The issue is improper neutralization of the HTTP Location header value, allowing Cross-Site Scripting (XSS) in statically generated HTML if the redirect target comes from an untruste...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/02 2:16 p.m.13 views

CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

4.6CVSS0.00152EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/02 1:41 p.m.11 views

EUVD-2026-33927

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

4.6CVSS5.9AI score0.00152EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:23 p.m.12 views

CVE-2026-9844

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

8.8CVSS5.8AI score0.00239EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/02 1:9 p.m.37 views

CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with...

8.7CVSS0.00319EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 12:19 p.m.25 views

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.

Summary IBM DB2 is shipped with IBM License Metric Tool. Information about security vulnerabilities affecting IBM DB2 has been published in separate security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

5.8AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

gleam 安全漏洞

Gleam is an open-source, type-safe, and extensible system building language developed by Gleam. Versions of Gleam from 0.18.0-rc1 to 1.17.0 contain security vulnerabilities. These vulnerabilities are caused by path traversal issues, which may allow arbitrary directories to be deleted through...

5.6CVSS5.4AI score0.00152EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.4 views

WordPress plugin Slider Revolution 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

AuthKit React Router Library 资源管理错误漏洞

AuthKit React Router Library is an open-source project by WorkOS, used in React Router 7. Versions 7.0.0 to 7.14.x of the library, along with @remix-run/server-runtime 2.10.0 to 2.17.4, have a resource management vulnerability. This vulnerability stems from unbounded path expansion at the manifes...

7.5CVSS5.4AI score0.00299EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

react-router 安全漏洞

react-router is a declarative routing library for React, open-sourced by Remix. Versions 7.7.0 to 7.13.1 of react-router contain security vulnerabilities. These vulnerabilities stem from improper redirection handling when using the unstable RSC API, which may lead to cross-site scripting attacks ...

7.5CVSS4.9AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities were due to inconsistent interpretation of HTTP requests, which could allow attackers to cause asynchronous response frames ...

6.3CVSS5.4AI score0.00301EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.2.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP/2 server’s ability to insert unlimited entries through the PUSHPROMISE frame, which could lead to memo...

8.2CVSS5.4AI score0.00384EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

OpenTelemetry eBPF Instrumentation 安全漏洞

OpenTelemetry eBPF Instrumentation is an open-source eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation from 0.1.0 to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from malformed MongoDB line...

7.5CVSS5.5AI score0.00462EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/01 5:45 p.m.27 views

CVE-2026-7770 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

8.8CVSS0.00439EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 5:45 p.m.49 views

CVE-2026-7770

CVE-2026-7770 affects IBM i Access Family (ACS) versions 1.1.5.0–1.1.9.12. When ACS is configured to listen for requests from IBM i Navigator, it is vulnerable to remote code execution. The root cause is CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ...

8.8CVSS6.4AI score0.00439EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:57 p.m.14 views

CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

4.6CVSS5.7AI score0.00193EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder