Lucene search
+L

18664 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.18 views

PT-2026-42431

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An incorrect calculation in the hextoint macro occurs due to improper handling of uppercase characters. This allows a remote authenticated attacker to cause limited data modification by providi...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.13 views

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from improper handling of uppercase...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42428

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.4.2 Description Authentication modules fail to check the return value of the seteuid function. This may allow a remote authenticated attacker to retain elevated privileges under error conditions. Recommendatio...

5CVSS5.8AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42435

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...

3.1CVSS5.9AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 7:37 p.m.22 views

CVE-2026-8597

CVE-2026-8597 : Missing integrity verification in the Triton inference handler of the Amazon SageMaker Python SDK (v2 before 2.257.2; v3 before 3.8.0) may allow a remote authenticated actor with S3 write access to replace model artifacts in S3 with a crafted pickle payload, enabling code executio...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 7:37 p.m.3 views

CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

6.4CVSS6.5AI score0.0039EPSS
Exploits0References6
CVE
CVE
added 2026/05/14 7:35 p.m.25 views

CVE-2026-8596

CVE-2026-8596: The ModelBuilder/Serve path in the Amazon SageMaker Python SDK stores the HMAC signing key in cleartext. A remote, authenticated actor with SageMaker describe API permissions and S3 write access to the model artifact path could extract the key from API responses and forge integrity...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 7:35 p.m.7 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/13 6:30 p.m.14 views

EUVD-2026-30041

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 4:17 p.m.13 views

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS0.00391EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:15 p.m.12 views

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 2:15 p.m.11 views

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 2:15 p.m.16 views

CVE-2026-6282

Technical details about CVE-2026-6282 (affected Lenovo devices, vulnerable components, impact, and fixes) are not provided in the available documents. Monitor Lenovo advisories and the CVE listing for updates.

8.6CVSS5.8AI score0.00391EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/05/13 12:38 p.m.15 views

K000160973: iControl SOAP vulnerability CVE-2026-42063

Security Advisory Description A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files. CVE-2026-42063 Impact This vulnerability may allow a remote, authenticated attacker with Resource Administrator...

6.9CVSS5.7AI score0.0029EPSS
Exploits0Affected Software11
NVD
NVD
added 2026/05/13 4:17 a.m.9 views

CVE-2026-6888

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

7.2CVSS0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 3:16 a.m.10 views

CVE-2026-6888 SQL Injection Vulnerability

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

7.2CVSS6AI score0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.18 views

PT-2026-40699

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 9:31 p.m.10 views

EUVD-2026-29737

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

7.2CVSS6.1AI score0.00616EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 3:31 p.m.17 views

EUVD-2026-29489

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

6.5CVSS5.8AI score0.00701EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 p.m.17 views

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6CVSS0.00869EPSS
Exploits0References1
Rows per page
Query Builder