Lucene search
K

6416 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.22 views

PT-2026-47264

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.6AI score0.0025EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-70795

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

5.5CVSS5.5AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.5AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-9509

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...

8.7CVSS5.6AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-2740

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

8.4CVSS6AI score0.01702EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.68 views

WebMCP Tool Surface Poisoning: Runtime Manipulation Attacks on LLM Agents

WebMCP is a newly emerging protocol that enables websites to expose tools directly to AI agents, bypassing traditional user interfaces and introducing new security risks. The dynamic exposure of agent-accessible tools in WebMCP expands the attack surface of web sessions, especially when third-par...

5.6AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 7:18 a.m.24 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl,...

9.8CVSS7.5AI score0.01735EPSS
Exploits7Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 7:8 p.m.11 views

CVE-2026-48595 Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References4
NVD
NVD
added 2026/06/02 5:16 p.m.15 views

CVE-2024-42206

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 3:57 p.m.37 views

CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 3:57 p.m.10 views

CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS5.8AI score0.00151EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 3:57 p.m.17 views

CVE-2024-42206

Technical details are not publicly available in the provided documents. Monitor for updates on affected components, root cause, and remediation.

3.1CVSS5.8AI score0.00151EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 12:17 p.m.12 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, axios-1.13.5.tgz, protobufjs-7.3.2.tgz and axios-1.15.0.tgz which are vulnerable to CVE-2026-34073, CVE-2026-39892, CVE-2025-62718, CVE-2026-40175, PSIRT-WS-2026-0004, CVE-2026-41242, CVE-2026-42033,...

7.5CVSS6.2AI score0.00808EPSS
Exploits8Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

HCL iReflection 安全漏洞

HCL iReflection is a IBM i system access and terminal emulation software developed by the Indian company HCL. HCL iReflection has a security vulnerability, which stems from the presence of third-party vulnerable and outdated components within the web application...

3.1CVSS5.3AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45793

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS5.8AI score0.00151EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview timmytuffknuckles3 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview backupgenuine-updated is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generat...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview abuden218 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview ishowfeet14 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.18 views

Malicious Package

Overview abuden210 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder