Lucene search
K

1294 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42578

Name of the Vulnerable Software and Affected Versions Drupal 7 Term Reference Tree versions 7.x-1.x through 7.x-1.11 Description Two stored Cross-Site Scripting XSS vectors exist in the widget/formatter rendering pipeline. The first vector occurs when the Token module is enabled and token display...

5.4CVSS5.8AI score0.00172EPSS
Exploits1References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in mbedtls

A issue was discovered in Mbed TLS before version 2.25.0 and before versions 2.16.9 LTS and 2.7.18 LTS. A NULL algorithm parameter entry resembles an array of REAL values with a size of zero; therefore, the certificate is considered valid. However, if the parameters do not match at all, then the...

7.5CVSS7.2AI score0.0118EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid scheduling in rtasosterm. It is unsafe to use rtasbusydelay to handle a busy status from the IBM,os-term RTAS function in rtasosterm: Kernel Panic – Not Syncing: Attempted to kill init! Exitcode=0x0000000b BUG...

5.5CVSS5.9AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 2:16 p.m.23 views

CVE-2026-8959

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

9.6CVSS0.00417EPSS
Exploits0References5
NVD
NVD
added 2026/05/18 12:16 p.m.18 views

CVE-2026-0983

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash...

7.1CVSS0.00226EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/18 1:24 a.m.31 views

[SECURITY] Fedora 42 Update: coturn-4.11.0-1.fc42

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/15 5:16 p.m.13 views

CVE-2026-42207

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 5:16 p.m.16 views

CVE-2026-42458

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

5.3CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 5:16 p.m.14 views

CVE-2026-42155

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 5:6 p.m.37 views

CVE-2026-42207 Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

6.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 5:6 p.m.14 views

CVE-2026-42207

OpenMage/magento-lts before version 20.18.0 is affected by an open redirect in Mage_ProductAlert_AddController::stockAction(). If the product_id does not reference a catalog product, the handler redirects to the URL supplied in the uenc parameter without validating it via _isUrlInternal(), allowi...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 5:6 p.m.8 views

CVE-2026-42207

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 5:5 p.m.13 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 5:2 p.m.9 views

EUVD-2026-30575

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.17 views

magento-lts 安全漏洞

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

5.3CVSS5.7AI score0.00258EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2026/05/12 3:0 p.m.11 views

Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise

In this article 1. Abuse of trusted relationships as an attack delivery mechanism 2. Methods, tools, and access strategies 3. Campaign conclusion 4. Microsoft Defender detection and hunting guidance In recent years, many sophisticated intrusions have increasingly avoided using noisy exploits,...

6.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/12 3:0 p.m.11 views

Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise

In this article 1. Abuse of trusted relationships as an attack delivery mechanism 2. Methods, tools, and access strategies 3. Campaign conclusion 4. Microsoft Defender detection and hunting guidance In recent years, many sophisticated intrusions have increasingly avoided using noisy exploits,...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.13 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : OpenEXR vulnerabilities (USN-8259-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8259-1 advisory. Quang Luong discovered that OpenEXR incorrectly handled sample count accumulation when...

8.8CVSS6.2AI score0.00482EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.28 views

Ubuntu 24.04 LTS : Linux kernel (Xilinx) vulnerabilities (USN-8261-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8261-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

9.8CVSS6.7AI score0.00812EPSS
Exploits15References609
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.6 views

Debian dla-4575 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4575 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4575-1 [email protected]...

9.8CVSS5.9AI score0.00446EPSS
Exploits0References8
Rows per page
Query Builder