Lucene search
K

374 matches found

EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41212

Craft CMS: Sensitive File Disclosure / Server-Side File Read...

6CVSS5.9AI score0.00268EPSS
Exploits0References3
OSV
OSV
added 5 days ago5 views

MINI-5J6X-P3XH-WQQV

Bulletin has no description...

5.9AI score
Exploits0
CVE
CVE
added 2026/07/01 11:20 p.m.19 views

CVE-2026-55792

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

6CVSS5.8AI score0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 11:20 p.m.34 views

CVE-2026-55792 Craft CMS: Sensitive File Disclosure / Server-Side File Read

Craft CMS is a content management system CMS. In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl Twig function is included in Craft’s Twig sandbox allowlist, allowing any control panel user granted the utility:system-messages permission ...

6CVSS0.00268EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 5:50 p.m.2 views

MINI-5C7H-WFH5-C433

Bulletin has no description...

7CVSS5.7AI score0.00157EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54860

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.9 Craft CMS versions 5.0.0-RC1 through 5.9.9 Description Control panel users with the utility:system-messages permission can embed a file-reading payload into system email templates because the dataUrl...

6CVSS5.8AI score0.00268EPSS
Exploits0References10
OSV
OSV
added 2026/06/26 7:32 p.m.2 views

MINI-GXJ8-QV8R-H4XV

Bulletin has no description...

5.5CVSS5.7AI score0.00317EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 10:21 p.m.10 views

EUVD-2026-31395

golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:21 p.m.8 views

golang.org/x/crypto: FIDO/U2F security key physical presence check can be bypassed

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS6AI score0.00373EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/22 5:18 p.m.3 views

MINI-X8W8-QXQV-J797

Bulletin has no description...

9.1CVSS5.7AI score0.00533EPSS
Exploits0
OSV
OSV
added 2026/06/21 3:19 p.m.6 views

MINI-2F7M-R4QJ-FMG2

Bulletin has no description...

8.2CVSS5.7AI score0.00393EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Go Cryptography vulnerabilities (USN-8447-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8447-1 advisory. It was discovered that Go Cryptography did not properly handle SSH global request responses. ...

10CVSS6.3AI score0.00533EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...

5.3CVSS5.4AI score0.00241EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-128 (ALASDOCKER-2026-128)

The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-128 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounde...

10CVSS5.8AI score0.00533EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.16 views

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-109 (ALASNITRO-ENCLAVES-2026-109)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-109 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused...

10CVSS7AI score0.00533EPSS
Exploits0References28
Amazon
Amazon
added 2026/06/08 12:0 a.m.20 views

Important: nerdctl

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

10CVSS6.1AI score0.00533EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.17 views

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3334 (ALAS-2026-3334)

The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3334 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...

10CVSS6.1AI score0.00533EPSS
Exploits0References40
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.13 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1784)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1784 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected...

10CVSS7AI score0.00533EPSS
Exploits0References28
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-39831

A flaw was found in golang.org/x/crypto/ssh. The Verify method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-39831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Verify method for FIDO/U2F security key types [email protected], sk-ssh- [email protected] did not check the User Presence flag. Signatur...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References3
Rows per page
Query Builder