Lucene search
K

12628 matches found

EUVD
EUVD
added 2026/06/09 7:34 a.m.12 views

EUVD-2026-35369

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

6.5CVSS5.4AI score0.00479EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-44119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the htt...

5.5CVSS6.1AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 4:16 p.m.3 views

ALPINE-CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.9AI score0.00486EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 3:17 p.m.13 views

EUVD-2026-35094

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.4AI score0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.25 views

PT-2026-47579

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "r " to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

7.5CVSS5.9AI score0.0007EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS5.5AI score0.00399EPSS
Exploits0References2
Debian
Debian
added 2026/06/07 7:25 p.m.15 views

[SECURITY] [DSA 6327-1] request-tracker4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6327-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 07, 2026 https://www.debian.org/security/faq -...

8.8CVSS5.5AI score0.00392EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.21 views

PT-2026-47163

Name of the Vulnerable Software and Affected Versions onedev versions prior to 15.0.6 Description Improper authorization exists in the Parent Project Handler component within the '/projects/' file. A remote attacker can manipulate the project.parentId argument to bypass authorization controls...

6.5CVSS6.6AI score0.00214EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-62188

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

7.5CVSS5.3AI score0.00521EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.13 views

CVE-2026-9255

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

8.4CVSS5.8AI score0.00119EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 5:13 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the GetSecurity function in the WIM archive handler when processing a crafted WIM file. An attacker can cause a denial of service or potentially obtain minor information disclosure by supplying a specially crafted...

7.1CVSS5.4AI score0.00225EPSS
Exploits1References3
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/04 7:37 p.m.19 views

Supply chain compromise via malicious @cap-js/openapi

Impact On May 19, 2026, a compromised version of @cap-js/[email protected] was published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that machine npm tokens, cloud provider credentials, SSH keys,...

5.8AI score
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/04 12:16 a.m.10 views

Use of Weak Hash

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Use of Weak Hash via the saveaudiotocache function of the Audio Cache Key Handler component. Different audio outputs with identical samples therefore...

2.5CVSS5.3AI score0.00106EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.51 views

Debian dsa-6322 : frr - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6322 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6322-1 [email protected]...

7.5CVSS6.2AI score0.00689EPSS
Exploits9References39
OSV
OSV
added 2026/06/03 9:16 p.m.13 views

GHSA-JMMV-H3MP-59V8 Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

8.6CVSS5.8AI score0.00055EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/03 9:16 p.m.14 views

Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

5.8AI score0.00055EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/02 9:39 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview std/mime is a Go standard library package std/mime Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

8.7CVSS5.4AI score0.0056EPSS
Exploits0References3
Atlassian
Atlassian
added 2026/06/02 4:29 p.m.8 views

BASM (Broken Authentication & Session Management) org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center and Server

This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 6.13.0, 7.4.0, 7.13.0, 7.19.0,...

9.8CVSS5.3AI score0.01233EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-47147

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53-2.1 Description An issue in Google Chrome allows attackers to affect the system. Recommendations Update to version 149.0.7827.53-2.1...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References432
Rows per page
Query Builder