
114 matches found

Tenable Nessus
added 2026/06/21 12:0 a.m. | 5 views

Fedora 44 : kubernetes1.33 (2026-da02662d41)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-da02662d41 advisory. - Update to release 1.33.13 - Resolves: rhbz2467604 - Upstream fix Tenable has extracted the preceding description block directly from the Fedora security...

8.7 CVSS | 5.9 AI score | 0.00656 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in glibc

The mq_notify function in the GNU C Library (also known as glibc) versions 2.32 and 2.33 has a use-after-free vulnerability. It may access the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, resulting in a denial of service...

9.8 CVSS | 6.7 AI score | 0.02898 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2026/06/12 12:0 a.m. | 6 views

Fedora 45 : kubernetes1.33 (2026-05251d4863)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-05251d4863 advisory. Automatic update for kubernetes1.33-1.33.13-1.fc45. Changelog Fri Jun 12 2026 Bradley G Smith - 1.33.13-1 - Update to release 1.33.13 - Resolves: rhbz2467604...

8.7 CVSS | 5.4 AI score | 0.00656 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/12 12:0 a.m. | 10 views

EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)

According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a...

5.5 CVSS | 5.5 AI score | 0.00182 EPSS
Exploits: 0 | References: 2

Fedora
added 2026/06/05 4:10 a.m. | 16 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

9.1 CVSS | 5.8 AI score | 0.00586 EPSS
Exploits: 1

Rosalinux
added 2026/06/01 11:45 a.m. | 13 views

Advisory ROSA-SA-2026-3306

Component: PHP 7.4.33 OS: ROSA-CHROME Affected versions: = php-7.4.33-13 Affected versions: php-7.4.33-13 CVE-ID: CVE-2024-5458 BDU-ID: 2024-04846 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the filter_var function of the PHP interpreter involves insufficient validation of data...

5.3 CVSS | 5.8 AI score | 0.12117 EPSS
Exploits: 1

CNNVD
added 2026/06/01 12:0 a.m. | 8 views

Nextcloud Teams Security Vulnerability

NextCloud Teams is an open-source team collaboration and group management tool developed by NextCloud. There were security vulnerabilities in versions of NextCloud Teams from 32.0.0 to 32.0.7, and from 33.0.0 to 33.0.1. These vulnerabilities stemmed from the absence of API-level access checks,...

2.6 CVSS | 5.3 AI score | 0.002 EPSS
Exploits: 0 | References: 3

Snyk
added 2026/05/29 9:14 p.m. | 7 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...

8.7 CVSS | 5.8 AI score | 0.00378 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/05/29 7:58 p.m. | 10 views

EUVD-2026-33444

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

8.7 CVSS | 5.8 AI score | 0.00378 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/29 7:58 p.m. | 28 views

CVE-2026-46385

Summary (CVE-2026-46385) iskorotkov/avro’s Go Avro decoder can trigger remote, unauthenticated CPU exhaustion by looping up to math.MaxInt64 iterations when decoding large attacker-controlled block counts, because inner loops did not check the reader’s error state after each decode. Affected: git...

8.7 CVSS | 5.8 AI score | 0.00378 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/14 4:48 p.m. | 6 views

CVE-2026-44516

Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...

7.6 CVSS | 5.8 AI score | 0.002 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Github Security Blog
added 2026/05/14 4:24 p.m. | 11 views

Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Summary Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...

8.1 CVSS | 5.9 AI score | 0.00335 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/05/13 7:17 p.m. | 4 views

UBUNTU-CVE-2026-42580

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

6.5 CVSS | 5.8 AI score | 0.00364 EPSS
Exploits: 1 | References: 3

NVD
added 2026/05/11 8:25 p.m. | 14 views

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5 CVSS | 0.00207 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/11 12:0 a.m. | 11 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017737 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily...

4.9 CVSS | 6.7 AI score | 0.0278 EPSS
Exploits: 0 | References: 4

GithubExploit
added 2026/05/08 1:48 p.m. | 111 views

CTT-enhanced-Dirty-Frag-exploit

CTT-enhanced-Dirty-Frag-exploit CTT Version: Dirty Frag — Univ...

10 CVSS | 7.5 AI score | 0.99999 EPSS
Exploits: 43

Positive Technologies
added 2026/04/16 12:0 a.m. | 5 views

PT-2026-33255

In Wago Smart Designer in versions up to 2.33.1, a low-privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

4.3 CVSS | 5.8 AI score | 0.00317 EPSS
Exploits: 0 | References: 3

OSV
added 2026/03/13 1:7 p.m. | 2 views

MINI-QV48-33V3-CP6H

Bulletin has no description...

5.9 CVSS | 5.7 AI score | 0.0035 EPSS
Exploits: 0

ATTACKERKB
added 2026/03/06 7:33 p.m. | 3 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery (SSRF) via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3 CVSS | 5.8 AI score | 0.00235 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/03/04 11:16 p.m. | 4 views

WordPress Media Library Assistant plugin <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability discovered by Muhammad Sharief in WordPress Plugin Media Library Assistant versions <= 3.33...

4.3 CVSS | 5.9 AI score | 0.00196 EPSS
Exploits: 0 | References: 1 | Affected Software: 1