Lucene search
K

10983 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.16 views

Amazon Linux 2 : bind, --advisory ALAS2-2026-3321 (ALAS-2026-3321)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3321 advisory. Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a...

7.5CVSS5.6AI score0.0181EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/06 1:2 a.m.31 views

[SECURITY] Fedora 44 Update: libinput-1.31.3-1.fc44

libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. It provides device detection, device handling, input device event processing and abstraction so minimize the amount of custom input code the user of libinput...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6CVSS6.9AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.9 views

CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5CVSS5.4AI score0.00276EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

5.3CVSS5.4AI score0.00235EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:9 a.m.28 views

[SECURITY] Fedora 43 Update: cockpit-362-1.fc43

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

8CVSS5.8AI score0.01016EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.6 views

Arista CloudVision eXchange 安全漏洞

Arista CloudVision eXchange is a control plane exchange platform developed by Arista Technologies in the United States, aimed at data centers and enterprise networks. There is a security vulnerability in Arista CloudVision eXchange. This vulnerability stems from EOS switches’ lack of flexibility...

7.1CVSS5.3AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.14 views

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/03 7:27 p.m.12 views

CVE-2026-6477

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.5AI score0.00464EPSS
Exploits0References4
NVD
NVD
added 2026/06/03 2:16 p.m.19 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

9.6CVSS0.00531EPSS
Exploits1References7
OSV
OSV
added 2026/06/03 7:11 a.m.11 views

USN-8375-1 nginx vulnerabilities

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...

9.2CVSS6AI score0.61469EPSS
Exploits43References13
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.35 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol MCP has emerged as a critical standard empowering Large Language Models LLMs to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.184 views

Linux Distros Unpatched Vulnerability : CVE-2026-49975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References2
NVD
NVD
added 2026/06/02 11:16 p.m.16 views

CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5CVSS0.00276EPSS
Exploits1References1
CVE
CVE
added 2026/06/02 10:40 p.m.30 views

CVE-2026-44653

LibreChat contains a vulnerability in versions up to 0.8.3 where users with only VIEW access to an MCP server can retrieve decrypted admin secrets via GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The API returns plaintext values for apiKey.key and oauth.client_secret, enabling viewe...

6.5CVSS5.7AI score0.00276EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/02 4:44 p.m.11 views

EUVD-2026-33983

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 4:8 p.m.13 views

EUVD-2026-33976

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 3:29 p.m.10 views

EUVD-2026-33960

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 2:15 p.m.40 views

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS0.00384EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-45787

Name of the Vulnerable Software and Affected Versions elixir-mint versions 0.1.0 through 1.8.x Description An issue exists where attacker-controlled HTTP/2 servers can cause memory exhaustion in a client. This occurs because the HTTP/2 receive path does not cap the accumulator when a HEADERS fram...

8.2CVSS6AI score0.00384EPSS
Exploits0References13
Rows per page
Query Builder