Lucene search
+L

12646 matches found

Debian
Debian
added 2026/06/12 6:50 p.m.16 views

[SECURITY] [DSA 6342-1] jpeg-xl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6342-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2026 https://www.debian.org/security/faq -...

7.3CVSS5.8AI score0.00367EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:28 p.m.10 views

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities in Spring Framework Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patter...

7.5CVSS6.9AI score0.01916EPSS
Exploits2Affected Software1
Atlassian
Atlassian
added 2026/06/12 11:29 a.m.11 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Crowd Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, and 7.2.0 of Crowd Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS5.5AI score0.00887EPSS
Exploits1
Snyk
Snyk
added 2026/06/12 11:7 a.m.10 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to a race condition in the AbstractOAuthDataProvider method when handling refresh tokens if the recycleRefreshTokens...

9.1CVSS5.4AI score0.00294EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:5 a.m.53 views

CVE-2026-50634

CVE-2026-50634 affects Apache CXF's JwsJsonContainerRequestFilter. The vulnerability allows CXF to process metadata that was not authenticated by the accepted signature, bypassing the assumption that Content-Type or protected HTTP-header metadata came from a verified signature. This can influence...

6.5CVSS5.3AI score0.00278EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/12 8:55 a.m.9 views

EUVD-2026-36395

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

5.1AI score0.00445EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 8:55 a.m.4 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

9.1CVSS5.9AI score0.00445EPSS
Exploits0References9
CVE
CVE
added 2026/06/12 8:54 a.m.124 views

CVE-2026-49875

Apache CXF is affected by an XML External Entity (XXE) issue described as CVE-2026-49875. The vulnerability arises because EndpointReferenceUtils and W3CMultiSchemaFactory construct a SAXParserFactory without proper JAXP hardening, enabling out-of-band (OOB) external entity resolution. Affected c...

9.8CVSS5.3AI score0.00527EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/06/12 8:52 a.m.13 views

EUVD-2026-36393

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

6.5CVSS5.3AI score0.00371EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Fedora 43 : apptainer (2026-77b4ea4fb8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-77b4ea4fb8 advisory. Update to upstream 1.5.1. Fixes CVE-2026-48785 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:13 p.m.7 views

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via manipulation of the extension metadata process. An attacker can execute arbitrary code by redirecting the loading process toward unscanned package payload...

8.8CVSS6.1AI score0.00419EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.14 views

CVE-2026-45505

A flaw was found in Apache ActiveMQ. This vulnerability allows an authenticated attacker to bypass a previous fix for CVE-2026-34197 by using non-parenthesized discovery wrappers. By crafting a malicious discovery URI, the attacker can trigger the VM transport's brokerConfig parameter to load a...

8.8CVSS6.3AI score0.00577EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/10 11:12 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:10 p.m.10 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.1CVSS5.4AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:10 p.m.11 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.4AI score0.0011EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 10:11 a.m.19 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple vulnerabilities when using when using Web Server Plug-ins.

Summary The security issue described in CVE-2026-8633, CVE-2026-8620 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.3AI score0.00847EPSS
Exploits0Affected Software1
CBLMariner
CBLMariner
added 2026/06/10 2:46 a.m.14 views

CVE-2026-42789 affecting package erlang for versions less than 26.2.5.21-1

CVE-2026-42789 affecting package erlang for versions less than 26.2.5.21-1. An upgraded version of the package is available that resolves this issue...

8CVSS5.4AI score0.0033EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48489

Name of the Vulnerable Software and Affected Versions aws-cdk-lib versions prior to 2.245.0 aws-cdk-lib versions prior to 2.246.0 Windows Description OS command injection exists in the NodejsFunction local bundling pipeline. An actor who controls the value of one or more bundling...

7.3CVSS6.2AI score0.00936EPSS
Exploits1References11
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Incorrect Authorization

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Incorrect Authorization via annotation resolution for @Controller data fetchers in Spring GraphQL. An attacker can bypass authorization checks when...

8.3CVSS5.3AI score0.00352EPSS
Exploits0References2
Rows per page
Query Builder