Lucene search
K

15243 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50704

Name of the Vulnerable Software and Affected Versions GAO Electronic Protest Docketing System EPDS affected versions not specified CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPD...

8.8CVSS5.9AI score0.004EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/16 4:5 p.m.10 views

openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

6.8CVSS5.5AI score0.0016EPSS
Exploits1References6
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.115 views

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An...

10CVSS8.5AI score0.98092EPSS
Exploits12References5
Github Security Blog
Github Security Blog
added 2026/06/12 9:2 p.m.17 views

ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing

Summary The DER parser used for application-supplied private keys did not safely validate encoded length values before converting them to Int values or allocating arrays. A malformed private-key file could encode a length that overflowed or wrapped around, or request an allocation much larger tha...

5.4AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/12 8:16 p.m.13 views

CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS0.00164EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:0 p.m.9 views

CVE-2026-42851 @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.5AI score0.00164EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 7:51 p.m.12 views

EUVD-2026-36552

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS5.4AI score0.00226EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/11 3:20 p.m.10 views

USN-8424-1: Ubuntu Kylin Software Center vulnerability

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges...

5.5AI score
Exploits0References1
NVD
NVD
added 2026/06/11 1:16 p.m.12 views

CVE-2026-49214

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...

5.3CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 9:16 a.m.15 views

CVE-2026-53901

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

8.7CVSS0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.12 views

CVE-2026-7542

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: 1 the plugin leaks a valid backend AJAX nonce revslideractions to all authenticated users including Subscribers via t...

6.5CVSS5.5AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.14 views

EUVD-2026-35899

Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11;...

7.5CVSS5.5AI score0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 11:48 p.m.40 views

CVE-2026-41716 Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names

Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11;...

7.5CVSS0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:48 p.m.63 views

CVE-2026-41716

CVE-2026-41716 affects Spring Data Commons (versions 2.7.0–2.7.19; 3.3.0–3.3.16; 3.4.0–3.4.14; 3.5.0–3.5.11; 4.0.0–4.0.5). The issue is in Spring Data’s internal property-lookup cache, which accepts and permanently retains attacker-supplied strings as cache keys, enabling heap exhaustion through ...

7.5CVSS5.5AI score0.00363EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.17 views

CVE-2026-41716 Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names

Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11;...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.41 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

0.00259EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.11 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

5.4AI score0.00259EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.62 views

CVE-2026-42770

CVE-2026-42770 affects OpenSSL FIPS modules (4.0, 3.6, 3.5, 3.4, 3.0) and related deployments using EVP_PKEY_derive_set_peer() with DHX/X9.42 keys. The vulnerability arises when the subgroup check Y^q ≡ 1 (mod p) uses the peer’s q instead of the local key’s q, allowing a malicious X9.42 peer to c...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/09 5:16 a.m.23 views

CVE-2026-41007

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3...

7.5CVSS0.00299EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:0 a.m.42 views

CVE-2026-41007 Spring HATEOAS heap exhaustion through unbounded internal caching

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3...

7.5CVSS0.00299EPSS
Exploits0References1
Rows per page
Query Builder