Lucene search
K

975 matches found

Nuclei
Nuclei
added 2 days ago45 views

Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery

Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...

9.8CVSS7.2AI score0.32304EPSS
Exploits1References5
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42625

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References3
CVE
CVE
added 6 days ago10 views

CVE-2026-59219

Open WebUI 0.9.0–0.10.0: with Redis configured, the terminal websocket first-message authentication used decode_token without a Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. Fixed in version 0.10.0. This affects realtime endpo...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56884

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.9.0 through 0.9.x Description When Redis is configured, the authentication process for Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message uses the decode token function withou...

7.1CVSS6.1AI score0.00259EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/07/01 5:8 p.m.7 views

CVE-2026-53326

A flaw was found in the Linux kernel's debugobjects subsystem. During early boot on a debug PREEMPTRT kernel on an ARM64 system, interrupts can occur before the scheduler is fully enabled. In this specific window, the hard interrupt context handler may attempt to fill a pool, which can lead to a...

5.5CVSS5.7AI score0.00172EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 2:16 p.m.7 views

CVE-2026-53326

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

0.00172EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.30 views

RockyLinux 8 : kernel-rt (RLSA-2026:27812)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27812 advisory. kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 Tenable has extracted the preceding description block directly from the RockyLinux...

7.1CVSS6AI score0.00118EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 1:36 p.m.37 views

CVE-2026-9162 Global session revocation does not invalidate active WebSocket connections

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

4.3CVSS0.00202EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/17 6:7 p.m.13 views

Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Summary A cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. Impact The notification gateway's JWT handshake joined a...

6.5CVSS5.3AI score0.00275EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/17 10:8 a.m.6 views

RHSA-2026:26462 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.8CVSS5.2AI score0.00514EPSS
Exploits4References110
OSV
OSV
added 2026/06/17 10:8 a.m.7 views

RHSA-2026:26428 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.8CVSS4.8AI score0.004EPSS
Exploits0References43
OSV
OSV
added 2026/06/17 5:6 a.m.6 views

MAL-2026-6049 Malicious code in @mastra/voice-openai-realtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 623d77007529d1601a2da2b0ff1fc002dfa42282411ba1350b5bc720316d6c0f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.10 views

Malicious code in @mastra/voice-openai-realtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 623d77007529d1601a2da2b0ff1fc002dfa42282411ba1350b5bc720316d6c0f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50595

Name of the Vulnerable Software and Affected Versions Daytona versions 0.101.0 through 0.184.0 Description A cross-tenant authorization flaw exists in the notification WebSocket gateway of the Daytona API service apps/api NestJS application. The JWT handshake joins a client-supplied organization...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.13 views

RockyLinux 8 : kernel-rt (RLSA-2026:23259)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:23259 advisory. kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Tenable has extracted the preceding description block directly from t...

7.8CVSS6.4AI score0.00353EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5803

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request...

6.5CVSS6.2AI score0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34388

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00456EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11200

Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00176EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 8:22 a.m.7 views

SUSE-SU-2026:21958-1 Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. -...

7.8CVSS6.4AI score0.03663EPSS
Exploits17References13
OSV
OSV
added 2026/06/01 8:22 a.m.5 views

SUSE-SU-2026:21956-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. -...

7.8CVSS6.1AI score0.03663EPSS
Exploits17References11
Rows per page
Query Builder