Lucene search
K

16898 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49200

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS5.2AI score0.0012EPSS
Exploits1References3
NVD
NVD
added 2026/06/09 5:17 p.m.14 views

CVE-2026-47292

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...

7.8CVSS0.00368EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:6 p.m.11 views

CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution

...

8.1CVSS5.4AI score0.00589EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:4 p.m.9 views

CVE-2026-47287 Visual Studio Code Tampering Vulnerability

...

6.5CVSS5.4AI score0.00622EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47330

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.4 Description Attachment passwords are hashed using SHA-1, which is a cryptographically broken algorithm susceptible to collision attacks. A collision attack occurs when two different inputs produce the same hash...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to input validation, which stems from Skia’s insufficient validation of untrusted inputs...

3.1CVSS5.3AI score0.002EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-29199

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...

8.1CVSS5.5AI score0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-48562

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description ImageMagick is free and open-source software used for editing and manipulating digital images. A negative heap buffer over-write occurs when using an image with a mask and the Floyd-Steinberg...

7.8CVSS5.7AI score0.01849EPSS
Exploits4References88
vulnersOsv
vulnersOsv
added 2026/06/03 9:3 p.m.22 views

@accounter/client (>=0.0.3 <=0.0.12-alpha-20260427054851-6925deba4595cf0c72d3875df0a094608b394a27), @appigram/react-code-split-ssr (=1.3.7) +130 more potentially affected by CVE-2026-42211 via react-router (>=7.0.0 <=7.14.1)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =1.27.1, =1.27.1, =0.3.1, =0.5.1 and more Source cves: CVE-2026-42211 Source advisory: OSV:GHSA-49RJ-9FVP-4H2H...

8.1CVSS5.7AI score0.00416EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.13 views

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/31 11:15 p.m.9 views

CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.9 views

OFFIS DCMTK 安全漏洞

OFFIS DCMTK is a collection of libraries and applications developed by the German company OFFIS that implement most DICOM standards. It includes software for checking, processing, and converting DICOM image files, handling offline media, sending and receiving images via network connections, as we...

6.5CVSS6.7AI score0.00247EPSS
Exploits0References5
OSV
OSV
added 2026/05/29 8:16 p.m.11 views

DEBIAN-CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

7.5CVSS6AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:15 p.m.38 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS0.00109EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 2:46 p.m.12 views

EUVD-2018-21919

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

6.9CVSS5.7AI score0.00162EPSS
Exploits0References3
Redos
Redos
added 2026/05/29 12:0 a.m.14 views

ROS-20260529-73-0019

The vulnerability of the software for interacting with servers via CURL is related to the storage of dangerous files. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...

6.5CVSS7.3AI score0.04313EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44127

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 8:16 p.m.16 views

EUVD-2026-31987

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 10:16 p.m.7 views

UBUNTU-CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References4
OSV
OSV
added 2026/05/21 4:27 p.m.13 views

RLSA-2026:1381 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References2
Rows per page
Query Builder