Lucene search
K

35222 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53948

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Users with access to Redis can execute arbitrary code with full application privileges. This allows for the compromise of all secrets, data, and system integrity. Recommendations At th...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53968

Name of the Vulnerable Software and Affected Versions IBM UrbanCode Deploy versions 7.3 through 7.3.2.18 IBM DevOps Deploy versions 8.0 through 8.0.1.13 IBM DevOps Deploy versions 8.1 through 8.1.2.6 IBM DevOps Deploy versions 8.2 through 8.2.1.0 Description Authenticated users may be able to...

6.5CVSS5.9AI score0.00234EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 12:0 a.m.4 views

MAL-2026-6691 Malicious code in polymarket-clob-maths (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...

5.9AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 5:16 p.m.4 views

CVE-2026-56783 Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-373 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...

9.3CVSS7.8AI score0.1383EPSS
Exploits5References11
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-11625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 11:12 p.m.7 views

EUVD-2026-39498

pnpm: Repository config can expand victim environment secrets into registry requests before scripts run...

6.5CVSS5.8AI score0.00212EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 10:16 p.m.10 views

CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS0.00158EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:55 p.m.8 views

CVE-2026-49984

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...

7.7CVSS6AI score0.00386EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:50 p.m.28 views

CVE-2026-55069 Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS0.00158EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:50 p.m.8 views

CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS5.8AI score0.00158EPSS
Exploits1References2Affected Software1
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.6 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: zitadel, guac, terraform-provider-aws-fips, splunk-otel-collector, crossplane-provider-azure-alertsmanagement, src, teleport, opentelemetry-collector, vault-fips, crossplane-provider-aws-opensearchserverless-fips, chainloop-cli, kyverno-fips,...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.9 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: zitadel, guac, terraform-provider-aws-fips, splunk-otel-collector, crossplane-provider-azure-alertsmanagement, src, teleport, opentelemetry-collector, vault-fips, crossplane-provider-aws-opensearchserverless-fips, chainloop-cli, kyverno-fips,...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: kubescape-server, mattermost-fips, zitadel, kine, prometheus-elasticsearch-exporter, gitea, kyverno, opentelemetry-collector, drone-fips, nemo, gitea-fips, kyverno-fips, cilium-cli, trivy, external-secrets-operator-fips, cloud-provider-aws, chisel-fips, kuma,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.11 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: guac, helm, sealed-secrets, crossplane-provider-azure-managedidentity, kubernetes, docker-machine-driver-linode, rancher-agent, gptscript, knative-serving, nuclei, crossplane-provider-aws-elasticache, pulumi-language-dotnet, k3s, hcloud, external-secrets-operator,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: guac, helm, crossplane-provider-azure-managedidentity, kubernetes, rancher-agent, gptscript, knative-serving, nuclei, pulumi-language-dotnet, k3s, hcloud, external-secrets-operator, kyverno, argo-cd, scorecard, tflint, cosign, terragrunt, crossplane-provider-azure-sq...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.5 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: guac, helm, kubernetes, rancher-agent, gptscript, knative-serving, nuclei, pulumi-language-dotnet, k3s, kyverno, external-secrets-operator, scorecard, argo-cd, terragrunt, gitlab-kas, zarf, spire-server, witness, cloud-provider-aws, pulumi-language-yaml, wolfictl,...

5.9AI score
Exploits0
NVD
NVD
added 2026/06/26 9:16 a.m.8 views

CVE-2026-11702

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...

7.5CVSS0.00292EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 9:16 a.m.10 views

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS0.00309EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 8:13 a.m.36 views

CVE-2026-11702 Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...

0.00292EPSS
Exploits0References5
Rows per page
Query Builder