Lucene search
K

6212 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.14 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017753 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...

4.9CVSS6.7AI score0.01188EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017439)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017439 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

7.1CVSS6.7AI score0.02192EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 10:52 p.m.13 views

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/08 10:38 p.m.7 views

GHSA-9PGH-J74G-QJ6M Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal

CONFIDENTIAL KL-CAN-2024-002 Vulnerability Details | | Field | Value | |---|-------|-------| | 1 | Discoverer | Jaggar Henry & Sean Segreti of KoreLogic, Inc. | | 2 | Date Submitted | 2024.03.12 | | 3 | Title | Open WebUI Arbitrary File Upload + Path Traversal | | 5 | Affected Vendor | Open WebUI...

7.3CVSS6.2AI score0.00336EPSS
Exploits1References3
NVD
NVD
added 2026/05/08 2:16 p.m.17 views

CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5CVSS0.00388EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 12:0 a.m.56 views

CVE-2024-45257

CVE-2024-45257 concerns BYOB (Build Your Own Botnet) 2.0. A command injection vulnerability exists on the payload build page, exploitable via a crafted build parameter that triggers arbitrary command execution on the server (root cause in core/generators.py). Public materials (including Metasploi...

7.3CVSS6.1AI score0.03891EPSS
Exploits3References3
OSV
OSV
added 2026/05/07 11:51 a.m.16 views

BIT-VALKEY-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

8.8CVSS6.1AI score0.01286EPSS
Exploits4References11
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.8 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

8.1CVSS5.8AI score0.0022EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38343

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.2.7 Description An authenticated user can cause a denial of service by crashing the mongod process. This occurs when running $rankFusion or $scoreFusion with an empty pipeline on a view. During view resolutio...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from the incorrect matching of usernames containing the NUL character with truncated username...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.10 views

CVE-2026-7812

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function gitoperation of the file src/codemcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...

7.5CVSS6.8AI score0.01339EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/06 1:41 p.m.8 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8CVSS6.4AI score0.0049EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/06 12:0 a.m.7 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-40981 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.06.01 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-40981 Source advisory:...

7.5CVSS5.7AI score0.00435EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.6 views

RHCOS 4 : OpenShift Container Platform 4.1.11 openshift (RHSA-2019:2504)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2504 advisory. - kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced CVE-2019-11247 Note that Nessus has...

8.1CVSS7.2AI score0.02092EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 10:16 p.m.9 views

DEBIAN-CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

9.8CVSS5.8AI score0.01376EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/05 9:14 p.m.46 views

Hysteria: A specially constructed quic package can crash the server OOM when the sniff is enabled

Summary A specially constructed quic package can crash the server OOM when the sniff is enabled. Details When the server has sniff enabled, a valid connection can request the server to forward UDP traffic and construct a huge crypto length. The server will allocate memory according to this length...

5.8AI score
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/05 8:16 p.m.8 views

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +362 more potentially affected by CVE-2026-35397 via jupyter-server (>=0.0.5 <=2.17.0)

jupyter-server PYPI version =0.0.5, =0.1.0, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =0.1.0, =1.0.1, =0.1.0, =0.14.0 and more Source cves: CVE-2026-35397 Source advisory: OSV:PYSEC-2026-68...

8.8CVSS6.3AI score0.00583EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/05/05 4:32 p.m.7 views

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +362 more potentially affected by CVE-2025-61669 via jupyter-server (>=0.0.5 <=2.17.0)

jupyter-server PYPI version =0.0.5, =0.1.0, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =0.1.0, =1.0.1, =0.1.0, =0.14.0 and more Source cves: CVE-2025-61669 Source advisory: OSV:GHSA-QH7Q-6QM3-653W...

6.3CVSS7AI score0.00265EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/05 4:16 p.m.7 views

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +362 more potentially affected by CVE-2025-61669 via jupyter-server (>=0.0.5 <=2.17.0)

jupyter-server PYPI version =0.0.5, =0.1.0, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =0.1.0, =1.0.1, =0.1.0, =0.14.0 and more Source cves: CVE-2025-61669 Source advisory: OSV:PYSEC-2026-67...

6.3CVSS7AI score0.00265EPSS
Exploits1
CVE
CVE
added 2026/05/05 2:41 p.m.36 views

CVE-2026-34000

The CVE-2026-34000 issue affects the X.Org X server (Xwayland context) with an out-of-bounds read in XKB geometry processing, specifically in CheckSetGeom() and XkbAddGeomKeyAlias. An attacker with an X11 connection, locally or remotely, can read uninitialized/out-of-bounds memory and may crash t...

9.1CVSS5.7AI score0.00489EPSS
Exploits0References27Affected Software2
Rows per page
Query Builder