Lucene search

7923 matches found

Vulnrichment
added 2026/04/06 9:33 p.m., 3 views

CVE-2026-35411 Directus is an Open Redirect in Admin 2FA Setup Page

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a...

CVSS 4.3, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/06 9:33 p.m., 8 views

CVE-2026-35411

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a...

CVSS 4.3, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/04/06 9:33 p.m., 14 views

CVE-2026-35411 Directus is an Open Redirect in Admin 2FA Setup Page

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a...

CVSS 4.3, EPSS 0.00256
Exploits: 0, References: 1
CVE
added 2026/04/06 9:33 p.m., 22 views

CVE-2026-35411

Directus prior to 11.16.1 is vulnerable to an open redirect on the /admin/tfa-setup page via the redirect parameter. An administrator who has not configured 2FA can be presented with the legitimate 2FA setup page, and after completing setup the app redirects to an attacker‑controlled URL without ...

CVSS 4.3, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 1, Affected Software: 1
GithubExploit
added 2026/04/06 6:55 p.m., 104 views

VulnHive-AI

Pentest Agent AI-powered penetration testing agent using Clau...

AI score 5.9
Exploits: 0
NVD
added 2026/04/06 6:16 p.m., 6 views

CVE-2026-35043

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a...

CVSS 7.8, EPSS 0.00315
Exploits: 1, References: 1
Vulnrichment
added 2026/04/06 5:10 p.m., 1 view

CVE-2026-35043 BentoML: command injection in cloud deployment setup script (deployment.py)

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a...

CVSS 7.8, AI score 6.5, EPSS 0.00315
Exploits: 1, References: 1
CVE
added 2026/04/06 5:10 p.m., 10 views

CVE-2026-35043

CVE-2026-35043 affects BentoML prior to 1.4.38. The cloud deployment path in bentoml/_internal/cloud/deployment.py interpolates system_packages directly into a shell command in the generated setup.sh, enabling remote code execution on the CI/CD cloud build infrastructure during deployment. The is...

CVSS 7.8, AI score 6.5, EPSS 0.00315
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2026/04/06 3:31 p.m., 4 views

EUVD-2026-19241

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...

CVSS 6.9, AI score 5.7, EPSS 0.00419
Exploits: 0, References: 8
NVD
added 2026/04/06 3:17 p.m., 3 views

CVE-2026-5661

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...

CVSS 6.9, EPSS 0.00419
Exploits: 0, References: 7
Vulnrichment
added 2026/04/06 2:08 p.m., 5 views

CVE-2026-5661 Free5GC NGSetupRequest denial of service

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...

CVSS 6.9, AI score 5.7, EPSS 0.00419
Exploits: 0, References: 7
CVE
added 2026/04/06 2:08 p.m., 7 views

CVE-2026-5661

CVE-2026-5661 affects Free5GC 4.2.0, specifically the NGSetupRequest Handler. The vulnerability allows denial of service via remote manipulation of the NGSetupRequest function. The attack can be launched remotely, and a public exploit is available. No remediation details are provided in the s...

CVSS 6.9, AI score 5.7, EPSS 0.00419
Exploits: 0, References: 7
NVD
added 2026/04/06 8:16 a.m., 3 views

CVE-2026-31409

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request. When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connectio...

CVSS 8.8, EPSS 0.00454
Exploits: 0, References: 7
OSV
added 2026/04/06 8:16 a.m., 4 views

UBUNTU-CVE-2026-31409

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request. When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connectio...

CVSS 8.8, AI score 5.7, EPSS 0.00454
Exploits: 0, References: 9
RedHat Linux
added 2026/04/06 8:09 a.m., 5 views

kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure

A flaw was found in the Linux kernel's Data Access MONitor (DAMON) sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...

CVSS 5.5, AI score 5.9, EPSS 0.00122
Exploits: 0, References: 5
Debian CVE
added 2026/04/06 7:38 a.m., 2 views

CVE-2026-31409

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request. When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connectio...

CVSS 8.8, AI score 5.2, EPSS 0.00454
Exploits: 0
Positive Technologies
added 2026/04/06 12:00 a.m., 3 views

PT-2026-30605

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...

CVSS 6.9, AI score 5.7, EPSS 0.00419
Exploits: 0, References: 8
CNNVD
added 2026/04/06 12:00 a.m., 7 views

free5GC security vulnerability

free5GC is an open-source project for the 5th generation (5G) mobile core network. Version 4.2.0 of free5GC contains a security vulnerability, which stems from issues with the NGSetupRequest Handler component and could lead to denial-of-service attacks...

CVSS 6.9, AI score 6.1, EPSS 0.00419
Exploits: 0, References: 7
OSV
added 2026/04/05 7:35 p.m., 4 views

MAL-2026-2494 Malicious code in databasetapes (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d859d21aa59dfad2efc5c2f98253cd1cc808621fb3b7525037c104324e27dfe8 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 6
Exploits: 0, References: 9
Microsoft CVE
added 2026/04/05 8:02 a.m., 4 views

util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup

...

CVSS 4.7, AI score 5.8, EPSS 0.00118
Exploits: 1