Lucene search
K

88881 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 5:7 p.m.10 views

CVE-2026-48558 SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS5.5AI score0.0116EPSS
Exploits1References3
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2623 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 6:43 a.m.29 views

CVE-2026-12060 Hepta Platforms|Heptabase - Exposed Dangerous

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...

6.9CVSS0.00313EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.12 views

SUSE CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS5.7AI score0.00252EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48975

Name of the Vulnerable Software and Affected Versions CodeAstro Human Resource Management System version 1.0 Description A security flaw in the Projects Management Page component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted...

5.1CVSS4.5AI score0.00203EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.14 views

SwiftNIO NIOHTTP1: HTTPDecoder accepts unbounded HTTP/1 header blocks, enabling remote DoS

The HTTPDecoder in NIOHTTP1 enforces no limit on the total size of an HTTP/1 message's header block or on the number of header fields per message. A remote peer can submit an arbitrary number of small, valid headers in a single request and have them all accumulated into the resulting HTTPHeaders...

5.6AI score0.00048EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/11 6:40 p.m.26 views

CVE-2026-45177 Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

9.1CVSS0.00503EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:18 p.m.21 views

CVE-2026-47157

aiograpi (Python) before 0.9.10 accepted server-supplied signup challenge paths and built request URLs before validating that the paths were relative Instagram API paths. An attacker who can influence a challenge response (e.g., on a local network, via DNS, or via a proxy) could cause challenge h...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.6 views

openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

A flaw was found in OpenSSL's CMSdecrypt and PKCS7decrypt functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME...

3.7CVSS5.4AI score0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 11:30 a.m.8 views

CVE-2026-11956 TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

6.3CVSS5AI score0.00191EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/11 1:43 a.m.6 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...

7.5CVSS7.9AI score0.01545EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48696

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.22 views

PT-2026-48659

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

6.3CVSS4.9AI score0.00191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48703

Name of the Vulnerable Software and Affected Versions Idira Secrets Manager SaaS Edge versions prior to 1.8 Description Improper access control within internal authentication components allows a remote, unauthenticated attacker to submit a specially crafted request. This can lead to the...

9.1CVSS5.8AI score0.00503EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 8:17 p.m.17 views

CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS0.01131EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/10 2:35 p.m.7 views

CVE-2026-49759 Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.6AI score0.00497EPSS
Exploits0References5
CVE
CVE
added 2026/06/10 12:42 p.m.38 views

CVE-2026-52758

Summary: Ghidra before 12.1 suffers a SQL injection in the BSim filter types where user-supplied values are directly concatenated into SQL queries without escaping or parameterization. This enables remote attackers to inject arbitrary SQL via the BSim network query protocol, potentially reading, ...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/10 11:41 a.m.6 views

mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

6.5CVSS7.1AI score0.00303EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/10 7:9 a.m.16 views

qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file

A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service,...

9.3CVSS5.7AI score0.00224EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 5:16 a.m.10 views

CVE-2026-26241

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

9.1CVSS0.00318EPSS
Exploits0References1
Rows per page
Query Builder