Lucene search

483 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in bluez

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability, as the target must connect...

CVSS 8 | AI score 7.7 | EPSS 0.0229
Exploits 0 | References 2
NVD
added 2026/06/17 10:54 a.m. | 14 views

CVE-2026-46848

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where WebLogic Server executes to...

CVSS 7.9 | EPSS 0.00152
Exploits 0 | References 1
Cvelist
added 2026/06/12 7:59 p.m. | 27 views

CVE-2026-42850 Kitty has a shell command injection

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

CVSS 7.4 | EPSS 0.00287
Exploits 1 | References 1
RedhatCVE
added 2026/06/11 8:59 a.m. | 10 views

CVE-2026-22899

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5...

CVSS 6.5 | AI score 5.5 | EPSS 0.0028
Exploits 0 | References 1
RedhatCVE
added 2026/06/11 8:59 a.m. | 11 views

CVE-2026-24724

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

CVSS 8.6 | AI score 5.5 | EPSS 0.00259
Exploits 0 | References 1
RedhatCVE
added 2026/06/11 2:59 a.m. | 12 views

CVE-2026-34657

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

CVSS 5.5 | AI score 5.6 | EPSS 0.0017
Exploits 0 | References 1
SUSE Linux
added 2026/06/10 1:16 p.m. | 6 views

Security update for kubernetes1.28

This update for kubernetes1.28 fixes the following issues: Security fixes: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265740). CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to deni...

CVSS 7.5 | AI score 5.4 | EPSS 0.00781
Exploits 0 | References 10
Cvelist
added 2026/06/09 8:01 p.m. | 38 views

CVE-2026-47914 Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00285
Exploits 0 | References 1
CVE
added 2026/06/09 7:24 p.m. | 19 views

CVE-2026-47909

Dreamweaver Desktop (Windows/macOS) prior to or equal to version 21.7 is affected by an Improper Input Validation vulnerability that can lead to arbitrary file system read. The issue allows access to sensitive files/directories outside the intended scope and requires user interaction: a victim mu...

CVSS 6.3 | AI score 5.6 | EPSS 0.00148
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/06/09 7:24 p.m. | 23 views

CVE-2026-47910

Dreamweaver Desktop (Windows/macOS)

CVSS 6.3 | AI score 5.6 | EPSS 0.00137
Exploits 0 | References 1 | Affected Software 1
NVD
added 2026/06/09 6:16 p.m. | 14 views

CVE-2026-34706

InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00139
Exploits 0 | References 1
NVD
added 2026/06/09 6:16 p.m. | 13 views

CVE-2026-34703

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

CVSS 5.5 | EPSS 0.0013
Exploits 0 | References 1
Cvelist
added 2026/06/09 4:48 p.m. | 30 views

CVE-2026-47983 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVSS 5.4 | EPSS 0.00207
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:00 a.m. | 16 views

PT-2026-48246

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 24.001.30365 through 26.001.21651. Description: A Use After Free issue exists in the font handling component, which could lead to arbitrary code execution in the context of the current user. This occurs when a victim open...

CVSS 7.8 | AI score 7.8 | EPSS 0.00285
Exploits 0 | References 4
RedhatCVE
added 2026/06/05 7:38 p.m. | 11 views

CVE-2026-34315

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS 6.5 | AI score 7.4 | EPSS 0.00226
Exploits 0 | References 1
RedhatCVE
added 2026/06/05 7:22 p.m. | 8 views

CVE-2026-34643

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.1 | EPSS 0.00148
Exploits 0 | References 1
Snyk
added 2026/05/29 5:50 p.m. | 6 views

Improper Control of Dynamically-Managed Code Resources

Overview: org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the NodeVM constructor in lib/nodevm.js. An attacker can obtain host...

CVSS 10 | AI score 6.2 | EPSS 0.00382
Exploits 0 | References 2
ATTACKERKB
added 2026/05/14 3:41 p.m. | 9 views

CVE-2026-44501

DataHub is an open-source metadata platform. Prior to 1.5.0.3, the DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection (no HMAC, no encryption). This is a Deserialization o...

CVSS 4.3 | AI score 5.8 | EPSS 0.00139
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2026/05/14 12:00 a.m. | 12 views

PT-2026-40946

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

CVSS 8.4 | AI score 6.2 | EPSS 0.00151
Exploits 0 | References 3
ATTACKERKB
added 2026/05/13 7:28 p.m. | 8 views

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVSS 7.1 | AI score 5.8 | EPSS 0.00226
Exploits 0 | References 2 | Affected Software 1