Lucene search
K

26447 matches found

EUVD
EUVD
added 17 hours ago6 views

EUVD-2026-43551

The SCORM lab launch endpoint in Skillable scorm.skillable.com through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consum...

6.3CVSS6.2AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.97.0-1.1.hum1 aarch64, x8664 clippy-1.97.0-1.1.hum1 aarch64, x8664 rust-1.97.0-1.1.hum1 aarch64, x8664 rust-analyzer-1.97.0-1.1.hum1 aarch64, x8664...

7.5CVSS6.6AI score0.00374EPSS
Exploits3References10
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-42649

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

7.5CVSS6AI score0.00324EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
CVE
CVE
added 6 days ago23 views

CVE-2026-55778

Parse Server is affected by a stored XSS vulnerability where the default fileUpload.fileExtensions blocklist can be bypassed using non-standard or compound extensions paired with a dangerous Content-Type. This enables attacker-supplied content to be served by storage adapters (e.g., S3, GCS) and ...

2.1CVSS5.6AI score0.00406EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-55778 Parse Server: Stored XSS via non-standard file extension bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.11 and 8.6.81, the default fileUpload.fileExtensions blocklist could be bypassed by uploading a file with a non-standard or compound extension and dangerous content type,...

2.1CVSS0.00406EPSS
Exploits0References7
NVD
NVD
added 6 days ago8 views

CVE-2026-60124

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS0.0022EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42239

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-60124 MISP importModule missing authorization allows read-only users to modify events via misp_standard imports

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS0.0022EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/07 6:15 p.m.5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS6AI score0.00728EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/07 3:48 p.m.46 views

CVE-2026-14969 389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS0.00077EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 3:48 p.m.7 views

EUVD-2026-42052

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 1:3 p.m.10 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56040

Name of the Vulnerable Software and Affected Versions Minosoft affected versions supporting Minecraft protocol 1.7 and later Description The CryptManager encryption routine in CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret key instead ...

5CVSS6.1AI score0.00111EPSS
Exploits0References7
OSV
OSV
added 2026/07/05 4:22 a.m.6 views

ROOT-OS-DEBIAN-12-CVE-2026-53215 CVE-2026-53215 in rootio-linux - Patched by Root

Root has patched CVE-2026-53215 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

9.8CVSS5.8AI score0.00546EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:25 p.m.8 views

CVE-2026-14534

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...

8.8CVSS5.8AI score0.00342EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 11:16 a.m.9 views

CVE-2026-50238

Rejected reason: Red Hat Product Security has concluded that this CVE is not required. The reported issue has been classified as a regular bug and will be addressed through the standard bug-fixing process...

5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 12:3 p.m.4 views

RLSA-2026:33226 Moderate: glibc security, bug fix, and enhancement update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

5CVSS5.9AI score0.00451EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/07/01 11:48 a.m.11 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.1AI score0.00615EPSS
Exploits0References8
Rows per page
Query Builder