Lucene search
K

14238 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net/rds component where the RDS/IB Reliable Datagram Sockets over InfiniBand code does not function correctly when used in network namespaces other than the initia...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 4:46 p.m.8 views

Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 (CVE-2025-68161)

Summary IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 CVE-2025-68161 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

6.3CVSS6.3AI score0.00743EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2026/06/23 2:25 p.m.7 views

EUVD-2026-38451

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS5.9AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 9:40 a.m.2 views

OPENSUSE-SU-2026:21143-1 Security update for gleam

This update for gleam fixes the following issues: Changes in gleam: - Update to 1.17.0: Fixed security vulnerabilities: - Restrict custom documentation page path and source values so gleam docs build cannot escape the docs output directory or project root bsc1267396, CVE-2026-32685 - Restrict...

5.6CVSS5.8AI score0.00152EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/23 12:0 a.m.5 views

WordPress Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin <= 2.11.4 - Authenticated (Contributor+) Account Takeover vulnerability

Authenticated Contributor+ Account Takeover vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions = 2.11.4...

8.8CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 2:17 p.m.7 views

CVE-2026-56447

MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...

9.3CVSS0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:39 p.m.6 views

EUVD-2026-38231

MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...

9.3CVSS6.4AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 12:39 p.m.21 views

CVE-2026-56447

The CVE describes a vulnerability in MISP where an authenticated site administrator could set the Kafka_rdkafka_config to an arbitrary filesystem path. MISP parses the referenced INI and forwards its options to librdkafka; a crafted INI could utilize options like plugin.library.paths to load an a...

9.3CVSS6.4AI score0.00342EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/22 12:31 p.m.27 views

CVE-2026-56446

MISP is affected by CVE-2026-56446 where an authenticated site administrator could configure an arbitrary filesystem path for the NDJSON error log via JsonLogTool. Logged data can contain attacker-controlled content, enabling direction of log output to a web-accessible PHP file and potentially in...

8.7CVSS6.6AI score0.00383EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2026:2468-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2468-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
OSV
OSV
added 2026/06/19 11:3 a.m.4 views

SUSE-SU-2026:2467-1 Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239342. - CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238702. ...

10CVSS7.2AI score0.00868EPSS
Exploits3References31
CVE
CVE
added 2026/06/18 1:51 p.m.21 views

CVE-2026-12539

Docker Sandboxes (sbx) ICMP egress restriction can be bypassed after daemon restart. The issue arises because the authorizer is applied only at network creation and is not re-applied to networks rebuilt from disk on restart, allowing a restart-surviving sandbox to forward ICMP to arbitrary hosts....

5.7CVSS5.5AI score0.00097EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 10:17 p.m.23 views

CVE-2026-54533

vantage6 node (open-source infrastructure for privacy-preserving analysis) contains an Improper Access Control vulnerability prior to version 5.0.0 that could allow malicious algorithms to access other algorithms’ input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and ...

6.9CVSS5.2AI score0.00285EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50565

Name of the Vulnerable Software and Affected Versions Steeltoe.Management.Endpoint versions prior to 4.2.0 Steeltoe.Management.EndpointCore versions prior to 3.4.0 Description Steeltoe actuator endpoints default to EndpointPermissions.Restricted, which maps to Cloud Foundry's read basic data...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/16 8:59 p.m.9 views

Improper Restriction of Names for Files and Other Resources

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Restriction of Names for Files and Other Resources via insufficient sanitization of file extensions during the file download. An attacker can cause arbitrary...

9.6CVSS6.4AI score0.00555EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/16 7:4 p.m.28 views

Deno: WebSocket API sandbox bypass via missing post-DNS check

Summary When a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a...

5.2CVSS5.4AI score0.00101EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50154

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.1 Description When opening a WebSocket connection, the runtime validates the destination hostname against --deny-net rules but fails to re-verify the IP addresses the hostname resolves to. This allows an...

5.2CVSS5.9AI score0.00101EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:16 p.m.16 views

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Summary When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route... without an explicit methods...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/06/15 4:12 p.m.71 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering_Toolkits

No d...

9.3CVSS5.2AI score0.00159EPSS
Exploits1
NVD
NVD
added 2026/06/15 12:16 p.m.13 views

CVE-2026-34025

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS0.00283EPSS
Exploits1References2
Rows per page
Query Builder