Lucene search
+L

712 matches found

Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39821

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 Description A null pointer dereference—a condition where a program attempts to read or write to a memory location that is...

6.2CVSS5.8AI score0.00159EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39824

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 Description A permissions issue exists where an app may be able to bypass certain Privac...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.15 views

PT-2026-39772

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5...

8.8CVSS5.8AI score0.00693EPSS
Exploits0References96
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39805

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

5.8AI score0.00123EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...

8.8CVSS7.1AI score0.00693EPSS
Exploits0References10
Oracle linux
Oracle linux
added 2026/05/05 12:0 a.m.14 views

python-tornado security update

6.5.5-1.1 - Update to 6.5.5 Resolves: RHEL-160934...

8.7CVSS7.3AI score0.00375EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.12 views

Wireshark 4.6.x < 4.6.5 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.6.5 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of...

8.8CVSS6.1AI score0.0039EPSS
Exploits42References151
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:56 p.m.6 views

CVE-2026-41894

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

9.8CVSS5.6AI score0.01028EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/24 6:53 p.m.3 views

CVE-2026-41421 SiYuan Desktop Notification XSS Leads to Electron RCE

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...

8.8CVSS6.1AI score0.00134EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.7 views

Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...

7.5CVSS6.4AI score0.00403EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/14 6:26 p.m.9 views

CVE-2026-34623

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...

5.4CVSS5.8AI score0.00157EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 6:25 p.m.21 views

CVE-2026-34624

Adobe Experience Manager (AEM) up to version 6.5.24, FP11.7 and earlier is affected by a DOM-based XSS (CWE-79). The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser, with exploitation requiring user interaction (victim visits a crafted webpag...

5.4CVSS5.8AI score0.00157EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.14 views

PT-2026-32898

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...

5.4CVSS5.8AI score0.00157EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/04/13 2:11 p.m.8 views

WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SpeakOut! Email Petitions versions = 4.6.5...

6AI score0.00296EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/11 2:5 p.m.11 views

OESA-2026-1905 ncurses security update

The ncurses new curses library is a free software emulation of curses in System V Release 4.0 SVr4, and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr...

9.8CVSS6.2AI score0.00414EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 7:9 p.m.3 views

CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS6AI score0.00298EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application developed by Tandoor Recipes for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.5 contained security vulnerabilities. These vulnerabilities stemmed from defects in the recipe import...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/08 6:18 p.m.19 views

CVE-2026-34782 Zammad has improper access control in AI assistance controller for text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

5.3CVSS0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:12 p.m.4 views

CVE-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

5.9CVSS5.9AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:2 p.m.4 views

EUVD-2026-20559

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...

8.3CVSS5.9AI score0.00244EPSS
Exploits0References1
Rows per page
Query Builder