Lucene search
+L

168 matches found

CVE
CVE
added 4 days ago8 views

CVE-2026-55144

The CVE-2026-55144 vulnerability concerns Windows Cryptography API: Next Generation (CNG). The issue is a missing cryptographic step in the Windows CryptoAPI that could allow an authorized, local attacker to tamper data, with impact to confidentiality and integrity (CVSSv3.1: Local attack, Low sk...

7.1CVSS6AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 10:53 p.m.11 views

EUVD-2026-39488

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 4:48 p.m.3 views

CVE-2026-50021 pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

6.8CVSS6AI score0.00126EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56269

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

4.6CVSS5.8AI score0.00093EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56269 Flowise - Weak Default Token Hash Secret in JWT Token Encryption

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

4.2CVSS6.2AI score0.00093EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56237

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS6AI score0.00293EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 5:16 p.m.6 views

DEBIAN-CVE-2026-12003

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.3AI score0.00136EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/09 12:20 a.m.17 views

CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9CVSS5.5AI score0.00231EPSS
Exploits0References3
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: nvlink5

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2026-25107

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...

6.9CVSS6.8AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-39942

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filenamedisk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...

8.8CVSS5.6AI score0.00204EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/20 3:30 p.m.17 views

RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM

RTK Rust Token Killer improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to apply...

6.9CVSS5.8AI score0.00078EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read from and write to shared, unencrypted memory directly. This may lead to the leakage of information, as well as allowing the host to tamper with the...

5.2AI score0.00108EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in krb5

A vulnerability in the MIT Kerberos implementation allows for GSSAPI-protected messages that use RC4-HMAC-MD5 to be spoofed, due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption methods, an attacker could exploit MD5 collisions to forge message integrity code...

5.9CVSS6.6AI score0.00331EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 6:46 p.m.3 views

CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

8.1CVSS6.1AI score0.0027EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 12:1 p.m.10 views

CVE-2026-25107

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...

6.9CVSS6.6AI score0.00124EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 6:16 a.m.19 views

CVE-2026-41872

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server...

9.1CVSS0.0016EPSS
Exploits0References3
Redos
Redos
added 2026/05/05 12:0 a.m.10 views

ROS-20260505-73-0046

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

6CVSS7.3AI score0.0048EPSS
Exploits0
Elastic
Elastic
added 2026/04/28 9:11 p.m.10 views

Elastic Package Registry 1.38.0 Security Update (ESA-2026-27)

Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the...

5.9CVSS5.3AI score0.00124EPSS
Exploits0
Snyk
Snyk
added 2026/04/28 8:18 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user management and authentication process. An attacker can gain unauthorized access, escalate privileges, tamper...

9.8CVSS5.7AI score0.00573EPSS
Exploits0References2
Rows per page
Query Builder