Lucene search
K

381 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 3:8 p.m.5 views

CVE-2026-43484

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...

5.7AI score0.00114EPSS
Exploits0References8Affected Software1
F5 Networks
F5 Networks
added 2026/05/13 12:0 p.m.23 views

K000160876: Appliance mode iControl REST vulnerability CVE-2026-42930

Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions on a BIG-IP system. CVE-2026-42930 Impact An authenticated attacker with local system access and the Administrator role may be...

8.7CVSS5.8AI score0.0048EPSS
Exploits0Affected Software11
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40691

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mmc core where the host-claimed bit shares a word with retune flags. This configuration leads to Read-Modify-Write RMW side effects in asynchronous contexts...

5.4AI score0.00114EPSS
Exploits0References18
CVE
CVE
added 2026/05/12 2:20 a.m.23 views

CVE-2026-34259

SAP Forecasting & Replenishment contains an OS Command Execution vulnerability. An authenticated user with administrative privileges can abuse a non-remote-enabled function to execute arbitrary operating system commands, potentially reading/modifying any system data or shutting down the system, c...

8.2CVSS6.1AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-38699

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.8CVSS5.8AI score0.02203EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-38711

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...

5.8CVSS5.8AI score0.03132EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained security vulnerabilities. These vulnerabilities stemmed from users with the PERMEDITUSERS privilege being able t...

5.4CVSS5.8AI score0.00262EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 2:42 p.m.6 views

BIT-JAVA-MIN-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS6.7AI score0.02879EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-37897

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...

5.8CVSS6.8AI score0.03132EPSS
Exploits0References11
NVD
NVD
added 2026/05/04 8:16 p.m.22 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

8.1CVSS0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:0 a.m.3 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

5.8AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

Sunnet CTMS SQL注入漏洞

Sunnet CTMS is an enterprise training software developed by Sunnet Corporation in China. Sunnet CTMS has a SQL injection vulnerability, which allows a remote attacker to inject arbitrary SQL commands to read, modify, and delete database content...

8.8CVSS6AI score0.00326EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 4:8 p.m.2 views

CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS5.4AI score0.00254EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/23 12:31 p.m.13 views

EUVD-2026-25213

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8CVSS6AI score0.00358EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

Intrado 911 Emergency Gateway 安全漏洞

Intrado 911 Emergency Gateway is an internally deployed management device from the American company Intrado. There is a security vulnerability present in Intrado 911 Emergency Gateway, which stems from path traversal conditions. This vulnerability could allow attackers with existing network acces...

9.3CVSS5.8AI score0.00554EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 9:31 p.m.6 views

EUVD-2026-24309

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Employee Snapshot. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

5.4CVSS5.7AI score0.00169EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.7 views

CVE-2026-34324

Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications component: App Server. Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5CVSS5.7AI score0.00202EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-34145

Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications component: App Server. Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5CVSS5.7AI score0.00202EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/20 7:36 a.m.6 views

CVE-2026-5964

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8CVSS6AI score0.00366EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/17 12:23 p.m.6 views

SUSE CVE-2023-20585

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity...

4.1CVSS6.6AI score0.00098EPSS
Exploits0References17
Rows per page
Query Builder