Lucene search
K

858914 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.255 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
Ivanti
Ivanti
added 2026/12/05 2:0 p.m.23 views

Security Advisory - Ivanti Xtraction (CVE-2026-8043)

Summary Ivanti has released an update for Ivanti Xtraction which addresses one Critical severity vulnerability. Successful exploitation could lead to sensitive information disclosure and client-side attacks. We are not aware of any customers being exploited by this vulnerability at the time of...

9.6CVSS5.9AI score0.00869EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 31 minutes ago1 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an arbitrary file read vulnerability (CVE-2026-11806)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS6AI score0.00472EPSS
Exploits0Affected Software1
NVD
NVD
added 46 minutes ago1 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 49 minutes ago1 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

9.8CVSS6.5AI score0.00781EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 51 minutes ago3 views

Exploit for CVE-2026-36214

CVE-2026-36214 - Stored Cross-Site Scripting XSS in osTicket...

6.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 52 minutes ago1 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-48779 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to but not including 5.2.5, from 6.0.0 up to 6.2.4,...

10CVSS6AI score0.00782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago2 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.1.0 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data...

9.8CVSS7.5AI score0.51547EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago1 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v10.0.8.10 Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the...

8.1CVSS7.1AI score0.00838EPSS
Exploits3Affected Software1
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS
Exploits0References1
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-42067

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score
Exploits0References1
CVE
CVE
added 2 hours ago5 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2 hours ago4 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS
Exploits1References3
NVD
NVD
added 2 hours ago4 views

CVE-2026-14904

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS
Exploits0References2
NVD
NVD
added 2 hours ago3 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS
Exploits1References3
RedHat Linux
RedHat Linux
added 3 hours ago3 views

Important: Red Hat Security Advisory: python3.14-pip security update

An update for python3.14-pip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8CVSS7.3AI score0.0032EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 hours ago3 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.4AI score0.0032EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 3 hours ago4 views

Open WebUI vulnerable to Stored XSS via iFrame in citations model

Summary Manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponised document...

7.3CVSS6.1AI score0.00194EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 3 hours ago3 views

Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Summary A vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's...

6.4CVSS6.4AI score0.00434EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder