Lucene search
K

12626 matches found

EUVD
EUVD
added 2026/06/12 8:52 a.m.11 views

EUVD-2026-36393

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

6.5CVSS5.3AI score0.00371EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Fedora 43 : apptainer (2026-77b4ea4fb8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-77b4ea4fb8 advisory. Update to upstream 1.5.1. Fixes CVE-2026-48785 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:13 p.m.6 views

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via manipulation of the extension metadata process. An attacker can execute arbitrary code by redirecting the loading process toward unscanned package payload...

8.8CVSS6.1AI score0.00419EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-45505

A flaw was found in Apache ActiveMQ. This vulnerability allows an authenticated attacker to bypass a previous fix for CVE-2026-34197 by using non-parenthesized discovery wrappers. By crafting a malicious discovery URI, the attacker can trigger the VM transport's brokerConfig parameter to load a...

8.8CVSS6.3AI score0.00577EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/10 11:12 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:10 p.m.10 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.1CVSS5.4AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:10 p.m.10 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.4AI score0.0011EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 10:11 a.m.19 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple vulnerabilities when using when using Web Server Plug-ins.

Summary The security issue described in CVE-2026-8633, CVE-2026-8620 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.3AI score0.00847EPSS
Exploits0Affected Software1
CBLMariner
CBLMariner
added 2026/06/10 2:46 a.m.14 views

CVE-2026-42789 affecting package erlang for versions less than 26.2.5.21-1

CVE-2026-42789 affecting package erlang for versions less than 26.2.5.21-1. An upgraded version of the package is available that resolves this issue...

8CVSS5.4AI score0.00322EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48489

Name of the Vulnerable Software and Affected Versions aws-cdk-lib versions prior to 2.245.0 aws-cdk-lib versions prior to 2.246.0 Windows Description OS command injection exists in the NodejsFunction local bundling pipeline. An actor who controls the value of one or more bundling...

7.3CVSS6.2AI score0.00936EPSS
Exploits1References11
Snyk
Snyk
added 2026/06/10 12:0 a.m.8 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via missing hostname verification in the auto-configuration. An attacker can impersonate a trusted mail server and intercept or manipulate SMTP communications because hostname...

5CVSS5.3AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Incorrect Authorization

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Incorrect Authorization via annotation resolution for @Controller data fetchers in Spring GraphQL. An attacker can bypass authorization checks when...

8.3CVSS5.3AI score0.00352EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.9 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the osslcmsRecipientInfopwricrypt function. An attacker who supplies a malicious password-encrypted CMS message can crash an application, because the PasswordRecipientInfo.keyDerivationAlgorithm field is...

8.7CVSS6.5AI score0.00595EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 2:58 p.m.14 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS5.4AI score0.00847EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/09 7:42 a.m.12 views

EUVD-2026-35374

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

6.5CVSS5.6AI score0.00695EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 7:42 a.m.22 views

CVE-2026-49818

The CVE concerns Apache Airflow Samba provider’s GCSToSambaOperator, which concatenates GCS object names to the SMB destination path without proper containment checks. This allows objects with ../ segments to traverse outside destination_path, enabling an unauthenticated-like attacker able to wri...

6.5CVSS5.6AI score0.00695EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 7:35 a.m.8 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

5.4AI score0.00325EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:34 a.m.12 views

EUVD-2026-35369

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

6.5CVSS5.4AI score0.00479EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-44119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the htt...

5.5CVSS6AI score0.00171EPSS
Exploits0References4
Rows per page
Query Builder