Lucene search
K

1390 matches found

Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-37566

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Reliable Delivery Service RDS implementation where a shortcut was introduced allowing connections to transition from RDS CONN ERROR directly back to RDS CONN...

7.5CVSS5.8AI score0.00523EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-37756

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

3.7CVSS6.8AI score0.01357EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37769

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for...

3.7CVSS6.2AI score0.01127EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-37930

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

4.3CVSS6.5AI score0.03763EPSS
Exploits0References11
EUVD
EUVD
added 2026/04/27 1:16 p.m.7 views

EUVD-2026-25851

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deletereceiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS7.4AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/24 12:14 a.m.29 views

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS0.00282EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 4:17 a.m.7 views

CVE-2026-39842

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

9.9CVSS0.00924EPSS
Exploits2References2
Debian CVE
Debian CVE
added 2026/04/13 1:40 p.m.5 views

CVE-2026-31425

In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rdsibgetmr extracts the rdsibconnection from conn-ctransportdata and passes it to rdsibregfrmr for FRWR memory registration. On a fresh outgoing connection, ic...

5.5CVSS5.2AI score0.00114EPSS
Exploits0
NVD
NVD
added 2026/04/10 3:16 p.m.9 views

CVE-2026-31262

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...

6.1CVSS0.00229EPSS
Exploits1References2
CVE
CVE
added 2026/04/10 12:0 a.m.8 views

CVE-2026-31262

CVE-2026-31262 is a Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) version 2.0. The entry states that a remote attacker can obtain sensitive information and execute arbitrary code via a URL parameter. Connected documents consistently describe the issue as XSS in ...

6.1CVSS6.1AI score0.00229EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/01 8:44 p.m.10 views

CVE-2026-1491

CVE-2026-1491 affects IBM Verify Identity Access Container (11.0–11.0.2) and IBM Security Verify Access Container (10.0–10.0.9.1), plus corresponding Identity Access products, with an information disclosure risk due to inconsistent interpretation of HTTP requests by a reverse proxy (CWE-444). The...

5.3CVSS5.9AI score0.00371EPSS
Exploits0References1Affected Software4
Vulnrichment
Vulnrichment
added 2026/04/01 8:44 p.m.3 views

CVE-2026-1491 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

5.3CVSS5.9AI score0.00371EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 8:41 p.m.10 views

CVE-2026-2862

CVE-2026-2862 affects IBM Verify Identity Access Container (11.0–11.0.2) and IBM Security Verify Access Container (10.0–10.0.9.1), plus IBM Verify Identity Access (11.0–11.0.2) and IBM Security Verify Access (10.0–10.0.9.1). Root cause is an inconsistent interpretation of an HTTP request by a rev...

5.3CVSS5.9AI score0.00371EPSS
Exploits0References1Affected Software4
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.5 views

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

7.8CVSS5.8AI score0.00624EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 146.0.7680.153, there was a vulnerability related to input validation. This vulnerability stemmed from an integer overflow in the Dawn component of the browser’s Mac system, which could allow remote attackers to exploit...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References2
Redos
Redos
added 2026/03/19 12:0 a.m.6 views

ROS-20260319-73-0011

A vulnerability in the inhttp, insplunk and inelasticsearch plugins of the Fluent Bit log collection and processing tool is related to incorrect input data type validation when processing the tagkey parameter. Exploitation of the vulnerability could allow an attacker acting remotely to disclose a...

9.1CVSS5.8AI score0.00632EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/26 10:14 a.m.13 views

CVE-2026-3152

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

9.8CVSS5.4AI score0.00379EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

Cisco Catalyst SD-WAN Manager(Cisco SD-WAN vManage) 信息泄露漏洞

Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco Catalyst SD-WAN Manager has a vulnerability related to...

7.5CVSS7.4AI score0.10245EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

Parse Dashboard 访问控制错误漏洞

Parse Dashboard is an dashboard tool open source by the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 contain access control vulnerability issues. This vulnerability stems from multiple security vulnerabilities in the AI Agent API endpoints, which may allow...

9.9CVSS6AI score0.0045EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/14 12:0 a.m.10 views

VulnCheck KEV: CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS7.4AI score0.11468EPSS
In wildExploits2References2
Rows per page
Query Builder