Lucene search
K

14234 matches found

CVE
CVE
added 2026/06/29 3:58 p.m.18 views

CVE-2026-13748

CVE-2026-13748 affects Snowflake CLI prior to 3.19. The vulnerability arises from improper restriction of file path resolution, allowing an attacker-controlled repository or project content to cause the CLI to read arbitrary local files and transmit or embed their contents during deployment or SQ...

6.3CVSS6AI score0.00139EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53311

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper restriction of file path resolution allows arbitrary local file content to be read and transmitted to Snowflake services. An attacker can exploit this by providing crafted repository or...

6.3CVSS6.1AI score0.00139EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 10:16 p.m.10 views

CVE-2026-50765

A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

6.1CVSS0.0022EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/26 3:9 p.m.9 views

CVE-2026-41567

A flaw was found in Moby, the open-source container framework, and Docker Engine. A malicious container image can exploit this vulnerability to achieve arbitrary code execution with full daemon privileges, including host root access. This occurs when a user uploads a compressed archive to the...

7.5CVSS6.4AI score0.00153EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 8:29 a.m.2 views

SUSE-SU-2026:22376-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.01557EPSS
Exploits1References21
Cvelist
Cvelist
added 2026/06/26 1:11 a.m.42 views

CVE-2026-50744

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

4.3CVSS0.00173EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50765

A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

5.8AI score0.0022EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.24 views

CVE-2026-50765

A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

0.0022EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52981

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the patron restriction type administration page. An authenticated remote attacker with administrator privileges can inject...

6.1CVSS5.8AI score0.0022EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50765

A stored cross-site scripting XSS vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

6.1CVSS5.8AI score0.0022EPSS
Exploits1References3
CVE
CVE
added 2026/06/26 12:0 a.m.11 views

CVE-2026-50765

CVE-2026-50765 is a Cross-Site Scripting (XSS) vulnerability in Koha Library Management System (through version 25.11) affecting the patron restriction type administration page. An authenticated administrator can inject arbitrary scripts via the restriction type label (display_text field). The is...

6.1CVSS5.8AI score0.0022EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 7:34 p.m.5 views

CVE-2026-40983

A flaw was found in Micrometer. A remote attacker can provide specially crafted gRPC gRPC Remote Procedure Call requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system. Mitigation To mitigate this issu...

7.5CVSS5.9AI score0.00474EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 9:31 a.m.3 views

EUVD-2026-39339

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftfib: fix stale stack leak via the OIFNAME register For NFTFIBRESULTOIFNAME the destination register is declared with len = IFNAMSIZ four 32-bit registers, but on the lookup-fail, RTNLOCAL and oif-mismatch paths...

5.8AI score0.00122EPSS
Exploits0References9
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53134

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftfib: fix stale stack leak via the OIFNAME register For NFTFIBRESULTOIFNAME the destination register is declared with len = IFNAMSIZ four 32-bit registers, but on the lookup-fail, RTNLOCAL and oif-mismatch paths...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39327

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

5.8AI score0.00128EPSS
Exploits0References6
CVE
CVE
added 2026/06/25 8:38 a.m.20 views

CVE-2026-53134

A vulnerability in the Linux kernel netfilter NFT_FIB code (CVE-2026-53134) could leak uninitialized kernel stack via the OIFNAME result register on certain lookup-fail paths. The issue stems from NFT_FIB_RESULT_OIFNAME writes only a single byte and leaves the remaining IFNAMSIZ span stale in nft...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 7:51 a.m.9 views

CVE-2026-56121

A flaw was found in Feast. This vulnerability allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a specially crafted gRPC request to the registry server, attackers can exploit an unsafe deserialization process. This enables them to execute operating syst...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References7
CVE
CVE
added 2026/06/24 4:30 p.m.6 views

CVE-2026-53077

The vulnerability CVE-2026-53077 affects the Linux kernel RDS/IB code: it restricted usage to the initial network namespace, with the non-initial namespaces not supported and the existing code likely malfunctioning. Multiple advisories note the issue has been resolved/patched (e.g., Debian/Ubuntu...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57284

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.8 views

CVE-2026-49468

A flaw was found in LiteLLM, a proxy server AI Gateway used to call Large Language Model LLM APIs. A remote attacker could exploit a Host-header parsing vulnerability in the proxy authentication layer. By sending a crafted Host header, an attacker could gain unauthenticated access to protected...

9.8CVSS6AI score0.00559EPSS
Exploits1References5
Rows per page
Query Builder