Lucene search
+L

12646 matches found

Snyk
Snyk
added 2026/07/03 12:17 p.m.5 views

Missing Origin Validation in WebSockets

Overview @theia/terminal is a Theia - Terminal Extension Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the shell-terminal and terminals/:id WebSocket endpoints when origin validation is bypassed due to missing or manipulated headers. An attacker c...

8.8CVSS6.2AI score0.00159EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:48 a.m.10 views

CVE-2026-47897

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS5.9AI score0.00616EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/03 7:47 a.m.52 views

CVE-2026-47898 Apache Lucene.Net: XXE vulnerability in Lucene.Net.Analysis.Common PatternParser

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

4CVSS0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/03 2:35 a.m.10 views

CVE-2026-54431

A flaw was found in liboauth2. The Demonstrating Proof-of-Possession DPoP verifier incorrectly accepts a malformed DPoP proof. This proof contains private key material in its JSON Web Key JWK header, which should be rejected according to RFC 9449. This vulnerability could allow an attacker to...

5.3CVSS5.8AI score0.00128EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/01 7:25 p.m.5 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.8CVSS6AI score0.0022EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/01 3:20 a.m.7 views

SUSE CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.9AI score0.02569EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

DEBIAN-CVE-2026-52760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.7AI score0.00667EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 9:55 a.m.8 views

EUVD-2026-40285

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 9:51 a.m.7 views

CVE-2026-50750

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

5.8AI score0.00707EPSS
Exploits0References2Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.11 views

Apache Tomcat 9.0.0.M1 < 9.0.102

The version of Tomcat installed on the remote host is prior to 9.0.102. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.102security-9 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...

7.3CVSS6.1AI score0.00462EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 5:0 p.m.42 views

CVE-2026-13591 DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...

5CVSS0.00199EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.10 views

PYSEC-2026-518 Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...

9.3CVSS6.3AI score0.00474EPSS
Exploits5References12
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Debian dsa-6373 : golang-github-canonical-lxd-dev - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6373 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6373-1 [email protected] https://www.debian.org/securit...

7.2CVSS6.3AI score0.00389EPSS
Exploits2References22
Debian
Debian
added 2026/06/25 5:6 p.m.9 views

[SECURITY] [DSA 6364-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6364-1 [email protected] https://www.debian.org/security/ Andres Salomon June 25, 2026 https://www.debian.org/security/faq -...

9.6CVSS6.1AI score0.0026EPSS
Exploits1
Snyk
Snyk
added 2026/06/22 11:48 p.m.5 views

CSV Injection

Overview @actual-app/web is an Actual on the web Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:48 p.m.7 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.3CVSS5.9AI score0.00445EPSS
Exploits1Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/22 12:21 p.m.7 views

CVE-2026-50589

A flaw was found in OpenStack Ironic. An unauthenticated malicious user could exploit this vulnerability by submitting a specially crafted JSON JavaScript Object Notation string to certain API Application Programming Interface or JSON-RPC Remote Procedure Call service endpoints. This could lead t...

7.5CVSS5.8AI score0.00433EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 8:16 a.m.16 views

CVE-2025-66336

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

8.1CVSS0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 7:38 a.m.14 views

EUVD-2026-38219

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 7:36 a.m.11 views

EUVD-2026-38217

Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not...

5.2CVSS5.9AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder