Lucene search
K

15244 matches found

NVD
NVD
added 2026/06/25 9:16 p.m.9 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:46 p.m.6 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/25 7:30 p.m.6 views

EUVD-2026-39544

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS5.9AI score0.00118EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:35 p.m.30 views

CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52583

Name of the Vulnerable Software and Affected Versions qrscp affected versions not specified Description The C-STORE handler in the qrscp application fails to sanitize specific instances within attacker-supplied DICOM Digital Imaging and Communications in Medicine datasets. These unsanitized value...

9.1CVSS5.9AI score0.00434EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.25 views

PT-2026-52511

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra when an...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57305

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57298

A cross-site request forgery CSRF vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.10 views

CVE-2026-57297

CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker‑specified URL using attacker‑provided credentials (username, API key, s...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57295

A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57292

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51668

Name of the Vulnerable Software and Affected Versions Post Duplicator versions prior to 3.0.15 Description Users with Contributor-level access and above can perform a PHP Object Injection. This occurs because the plugin fails to safely handle custom meta-data during post duplication, storing...

7.2CVSS5.8AI score0.003EPSS
Exploits0References6
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.6 views

CSRF vulnerability and missing permission check in contrast-continuous-application-security

contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...

5.4CVSS5.8AI score0.00167EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/23 2:19 a.m.6 views

SUSE CVE-2026-56211

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.5CVSS6.7AI score0.00414EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 12:16 p.m.22 views

CVE-2026-56422

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

9.4CVSS0.00362EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2026/06/22 11:43 a.m.5 views

CVE-2026-56422

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

9.4CVSS6AI score0.00362EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.11 views

Amazon Linux 2023 : perl-IO-Compress, perl-IO-Compress-tests (ALAS2023-2026-1825)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1825 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19...

7.8CVSS5.9AI score0.00373EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51293

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple core controllers and model capture paths accept client-controlled request fields, including primary keys id and ownership or scope foreign keys such as event id, org id, user id, sharin...

9.4CVSS6AI score0.00362EPSS
Exploits0References21
CVE
CVE
added 2026/06/19 4:28 p.m.25 views

CVE-2026-56211

CVE-2026-56211 concerns libaom, the reference AV1 codec. The vulnerability stems from insufficient bounds validation in the AV1 encoder’s SVC layer ID control, enabling an attacker-provided frame to overlap internal encoder layer context structures. In fork-based video processing services, this c...

7.1CVSS6.7AI score0.00414EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/18 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
Rows per page
Query Builder