Lucene search
K

6412 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51307

Name of the Vulnerable Software and Affected Versions MISP Core affected versions not specified Description Broken access-control checks exist in the bulk deletion flows for Event Reports and Sharing Groups. The deleteSelection handlers authorized deletions using broad role-level permissions...

9.4CVSS5.8AI score0.00261EPSS
Exploits0References9
Amazon
Amazon
added 2026/06/22 12:0 a.m.5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon...

7.8CVSS5.7AI score0.00353EPSS
Exploits4
CVE
CVE
added 2026/06/19 1:10 p.m.16 views

CVE-2026-47339

CVE-2026-47339 affects Apache APISIX (authz-casdoor plugin). Under default configuration, it allows an attacker to authenticate using credentials from a different source, indicating an incorrect authorization vulnerability across versions 2.14.1 through 3.16.0. The risk is described as high (per ...

8.1CVSS5.9AI score0.00285EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:10 p.m.31 views

CVE-2026-47339 Apache APISIX: authz-casdoor incorrect session sharing

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

5.3CVSS0.00285EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

A flaw was discovered in the handling of SMB2 read requests within the kernel’s ksmbd module. The issue arises due to the lack of proper validation of user-provided data, which can lead to reading data beyond the end of an allocated buffer. An attacker can exploit this vulnerability to disclose...

7.5CVSS7AI score0.01095EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be released incorrectly when encountering a gzip error during the inflation of a request body. This can lead to corrupted data and/or inadvertent sharing of data between requests...

7.2CVSS6.7AI score0.00432EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

The non-transparent sharing of branch predictor selectors between contexts in some Intel processors may allow an authorized user to potentially enable information disclosure through local access...

6.5CVSS6.6AI score0.00508EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Samba

In DCE/RPC, it is possible to share handles cookies for resource state between multiple connections through a mechanism called “association groups”. These handles can reference connections to our sam.ldb database. However, while the database is correctly shared, the user credentials are only...

8.8CVSS7.1AI score0.01888EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed UAF in smb2reconnectserver The UAF bug occurs because smb2reconnectserver accesses a session that is already being torn down by another thread that is executing cifsputsmbses. This can happen when a the client...

4.4CVSS6.2AI score0.00228EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Tomcat9

The simplified implementation of blocking reads and writes introduced in Tomcat 10, and backported to Tomcat 9.0.47 and later versions, exposed a long-standing but extremely difficult to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60, and...

3.7CVSS6.7AI score0.01746EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux, Linux 5.10

The non-transparent sharing of the branch predictor within the context of some Intel processors may allow an authorized user to potentially enable information disclosure through local access...

6.5CVSS6.7AI score0.00447EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:0 a.m.7 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS5.5AI score0.00088EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/19 3:0 a.m.6 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS6AI score0.00088EPSS
Exploits0
NVD
NVD
added 2026/06/18 2:17 p.m.16 views

CVE-2026-56007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2...

5.9CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 9:44 a.m.15 views

CVE-2026-56007

CVE-2026-56007 affects WordPress Ocean Product Sharing plugin versions up to and including 2.2.2. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation in OceanWP Ocean Product Sharing. The vulnerability impact is limi...

5.9CVSS5.2AI score0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:44 a.m.18 views

CVE-2026-56007 WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2...

5.9CVSS0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 9:44 a.m.10 views

EUVD-2026-37870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2...

5.9CVSS5.2AI score0.00143EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:44 a.m.6 views

CVE-2026-56007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2...

5.9CVSS5.2AI score0.00143EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/18 9:43 a.m.9 views

WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ocean Product Sharing versions = 2.2.2...

5.9CVSS5.2AI score0.00143EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 10:16 p.m.8 views

CVE-2026-48989

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS alloworigins=, allowmethods=, allowheaders=. Because the same server also exposed a...

9.3CVSS0.00397EPSS
Exploits0References2
Rows per page
Query Builder