Lucene search
K

6205 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2026-1895)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1895 advisory. unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer theSamValidatePasswordChange and SamValidatePasswordReset RPC...

9.8CVSS6.6AI score0.12797EPSS
Exploits9References8
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-12199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its...

7.5CVSS7.1AI score0.00325EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 3:53 p.m.18 views

CVE-2026-12621

GridTime 3000 GNSS Time Server Password Reset form is vulnerable to XSS due to improper neutralization of input during web page generation. Affected from 1.0r0.03 up to, but not including, 1.2r0.0. Base CVSS v4 score is 5.3 (Medium). No exploitation details are provided in the documents; no remed...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/18 6:1 p.m.10 views

CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS5.3AI score0.00445EPSS
Exploits0
OSV
OSV
added 2026/06/18 1:52 p.m.4 views

GHSA-VMF9-XX9W-86WX PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools

PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools Summary praisonaiagents.mcp.ToolsMCPServer.runsse builds a Starlette MCP HTTP+SSE server around mcp.server.sse.SseServerTransport. The server exposes /sse and /messages/, but it does not valida...

8.3CVSS5.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49891

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content. An unauthenticated attacker with network access via HTTP can...

9CVSS5.9AI score0.00366EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 11:16 p.m.17 views

CVE-2026-46692

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in...

4.1CVSS0.00092EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 9:46 p.m.9 views

CVE-2026-46692

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in...

4.1CVSS5.5AI score0.00092EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/10 7:13 p.m.20 views

K000161669: Apache HTTP Server vulnerabilities CVE-2026-24072 and CVE-2026-23918

Security Advisory Description CVE-2026-24072 An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

8.8CVSS7.8AI score0.4581EPSS
Exploits17
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.18 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.6.3 Update

New Red Hat build of Keycloak 26.6.3 packages are available from the Customer Portal Red Hat build of Keycloak 26.6.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...

8.8CVSS5.5AI score0.00476EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:26 a.m.11 views

EUVD-2026-35915

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS5.5AI score0.00246EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 2:16 p.m.14 views

CVE-2026-11793

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

4.9CVSS0.00282EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.21 views

Windows DHCP Client Information Disclosure Vulnerability

Out-of-bounds read in Windows DHCP Client allows an unauthorized attacker to disclose information locally...

6.8CVSS6.6AI score0.00338EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : kata-containers (EulerOS-SA-2026-2208)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References2
OSV
OSV
added 2026/06/08 10:59 p.m.17 views

GHSA-CMM3-54F8-PX4J Netty's Default QUIC token handler accepts any client-supplied token

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

7.5CVSS5.4AI score0.00143EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

MiracleLinux 8 : bind9.16-9.16.23-0.22.el8_10.6 (AXSA:2026-763:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-763:02 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

7.5CVSS5.6AI score0.0181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:54 p.m.10 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00548EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.15 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.8CVSS6.6AI score0.15547EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-32999

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

9CVSS6AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.18 views

CVE-2026-42099

Sparx Pro Cloud Server is vulnerable to a Race Condition in the /dataapi/dlinternalartifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location DIR under the specified name. An attacker with repository access...

7.7CVSS6.1AI score0.00724EPSS
Exploits1References1
Rows per page
Query Builder