Lucene search
K

2065 matches found

EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 12:31 a.m.9 views

EUVD-2026-41451

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...

4.8CVSS5.7AI score0.00234EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-402 Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

9.8CVSS7.6AI score0.01154EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.9 views

SUSE CVE-2026-46523

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...

5.5CVSS5.2AI score0.00301EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/06/07 12:0 a.m.8 views

AutoSUT: The Environment Semantics Gap in Structured CTI for Adversary Emulation

Structured Cyber Threat Intelligence CTI is increasingly used for adversary emulation, detection evaluation, and cyber range design. However, these workflows still require a target System Under Test SUT whose environment is not fully described by public CTI. We measure how much of that environmen...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.11 views

PT-2026-47135

Name of the Vulnerable Software and Affected Versions OptinCraft – Drag & Drop Optins & Popup Builder for WordPress versions prior to 1.2.1 Description The plugin is subject to generic SQL Injection, a flaw where an attacker can interfere with the queries that an application makes to its database...

4.9CVSS5.6AI score0.00259EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-31975

HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...

5.3CVSS5.5AI score0.00172EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 7:36 p.m.17 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Management GUI, Cloudkit or HDFS layer are now fixed in 5.2.3.7 and 6.0.1.0 or higher

Summary The following vulnerabilities, which can affect IBM Storage Scale Management GUI CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, CVE-2026-2739 , Cloudkit used to provision Storage Scale in supported cloud providers CVE-2026-24051 or HDFS layer for Hadoop deployments CVE-2025-33042 are now...

8.7CVSS7.4AI score0.00602EPSS
Exploits3Affected Software1
CVE
CVE
added 2026/06/02 7:0 p.m.16 views

CVE-2019-25723

CVE-2019-25723 describes an improper input handling vulnerability in Dräger Perseus A500 software 2.00–2.02 . An external attacker can cause a DoS by sending specially crafted, non-Medibus‑compliant data through the Medibus interface , flooding the internal processor and triggering a warm restart...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 7:0 p.m.14 views

EUVD-2019-20159

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 6:44 p.m.20 views

CVE-2019-25722

The CVE-2019-25722 entry concerns Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL). Affected component: source code contains hard-coded plaintext credentials that can be used by a local attacker to access service and clinical accounts; a remote attacker can send m...

7.6CVSS5.9AI score0.00193EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 6:44 p.m.8 views

CVE-2019-25722 Dräger SC Monitoring Devices Hard-coded Credentials and DoS

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...

7.6CVSS5.9AI score0.00193EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.13 views

PT-2026-45815

Name of the Vulnerable Software and Affected Versions Dräger Atlan A350 versions 1.00 through 1.01 Description Improper input handling allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Transmitting malformed dat...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.16 views

PT-2026-45811

Name of the Vulnerable Software and Affected Versions Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL affected versions not specified Description These devices contain hard-coded plaintext credentials in the source code and are susceptible to a denial-of-service...

7.6CVSS5.6AI score0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 12:38 a.m.12 views

EUVD-2026-33229

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References3
CVE
CVE
added 2026/05/27 12:56 p.m.24 views

CVE-2026-5065

CVE-2026-5065: IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contain hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Affected products: IBM Controller 11.0.1–11.1.2. Severity is high (CVSS v3.1: 8.8, NETWORK attack vector, ...

8.8CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 11:59 p.m.13 views

CVE-2026-8606

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS5.8AI score0.00386EPSS
Exploits0References7Affected Software1
The Hacker News
The Hacker News
added 2026/05/20 11:38 a.m.26 views

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact to customer...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab EE...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.8 views

CVE-2026-40629 BIG-IP SSL/TLS vulnerability

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References1
Rows per page
Query Builder