Lucene search
K

212 matches found

Nuclei
Nuclei
added 11 hours ago102 views

Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8CVSS6AI score0.33618EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 6 days ago5 views

New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

Summary The default SSRF protection configuration did not apply IP filtering to hostnames. With ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure...

7.7CVSS6AI score0.00437EPSS
Exploits0References3Affected Software1
CVE
CVE
added 6 days ago11 views

CVE-2026-13696

HAVELSAN Inc. Liman MYS is affected by CVE-2026-13696 due to improper neutralization of special elements in LDAP queries (LDAP injection) in versions prior to release.Master.1107. The issue enables network-based LDAP injection with high impact on confidentiality, integrity, and availability (CVSS...

8.8CVSS5.9AI score0.00355EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-34047 Coolify: WebSocket Endpoint Access Control Flaw Leading to Remote Code Execution

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...

9.9CVSS0.00373EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 10:37 p.m.26 views

CVE-2026-13819

Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

0.00308EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. This includes smartphones, tablets, etc. Devices prior to the SMR Jun-2026 Release 1 version have security vulnerabilities. These vulnerabilities stem from improper permission allocation, which m...

6.9CVSS5.4AI score0.00093EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/04 11:3 p.m.8 views

CVE-2026-10900

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS5.5AI score0.00286EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2026/05/29 2:0 p.m.28 views

Description of the security update for SharePoint Server 2019: May 12, 2026 (KB5002870)

Description of the security update for SharePoint Server 2019: May 12, 2026 KB5002870 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...

8.8CVSS5.9AI score0.03219EPSS
Exploits4
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.44 views

CVE-2026-48238 Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobilemain.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...

7.1CVSS0.00214EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.30 views

Description of the security update for Word 2016: May 12, 2026 (KB5002858)

Description of the security update for Word 2016: May 12, 2026 KB5002858 Summary This security update resolves a Microsoft Office remote code execution vulnerability and Microsoft Word Information Disclosure Vulnerability. To learn more about the vulnerabilities, see the following security...

8.4CVSS6.5AI score0.04421EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/30 12:11 p.m.6 views

CVE-2024-13971 Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS5.5AI score0.0047EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 9:20 p.m.5 views

CVE-2026-5870

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00303EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 3:23 p.m.19 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS5.9AI score0.00274EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/06 2:50 a.m.5 views

CLEANSTART-2026-SQ68600 Security fixes for CVE-2023-45288, CVE-2024-24786, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-65637, ghsa-4f99-4q7p-p3gh, ghsa-4v7x-pqxf-cx7m, ghsa-6v2p-p543-phr9, ghsa-8r3f-844c-mc37, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.18.2-r0

Multiple security vulnerabilities affect the kube-fluentd-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS7.1AI score0.91969EPSS
Exploits4References35
Vulnrichment
Vulnrichment
added 2026/03/24 3:11 a.m.7 views

CVE-2026-4736 Math Issue in No-Chicken/Echo-Mate

Improper Handling of Values vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules. This vulnerability is associated with program files nftables.H‎, nftbyteorder.C‎, nftmeta.C‎. This issue affects Echo-Mate: before V250329...

8.8CVSS5.8AI score0.00088EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/23 4:21 p.m.3 views

Important: Red Hat Security Advisory: RHTAS 1.3.3 - Red Hat Trusted Artifact Signer Release

The 1.3.3 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

8.9CVSS6.9AI score0.02667EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

SAMSUNG Secure Folder 安全漏洞

Samsung Secure Folder is a privacy protection software developed by South Korea’s Samsung Corporation. Versions of Samsung Secure Folder prior to the SMR Mar-2026 Release 1 had security vulnerabilities. These vulnerabilities stemmed from improper export of Android application components, which...

8.4CVSS5.9AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3938

Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.17 views

PT-2026-24219

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution...

7.8CVSS5.9AI score0.00143EPSS
Exploits0References5
OSV
OSV
added 2026/03/04 12:39 a.m.5 views

CLEANSTART-2026-VC01496 Security fixes for GHSA-F6X5-JH6R-WRFV, GHSA-J5W8-Q4QC-RX2X applied in versions: 0.8.4-r0

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.8AI score
Exploits0References3
Rows per page
Query Builder