Lucene search
+L

1147 matches found

RedHat Linux
RedHat Linux
added 3 days ago5 views

Important: Red Hat Security Advisory: RHTAS 1.3.6 - Red Hat Trusted Artifact Signer Release

The 1.3.6 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

7.4CVSS6.1AI score0.00394EPSS
Exploits1References4
OSV
OSV
added 4 days ago5 views

CVE-2026-55445 Qinglong: Incomplete fix for CVE-2026-3965: Improper Authentication

Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not /open/user/init, while rewrite'/open/', '/api/$1' rewrites the whitelisted /open/ path after JWT...

9.3CVSS6.1AI score0.00404EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00164EPSS
Exploits0References4
Microsoft Security Update
Microsoft Security Update
added 5 days ago81 views

2026-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5099540)

2026-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems KB5099540...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 5 days ago7 views

July 14, 2026-KB5101006 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 and Windows 10 Version 22H2

None None...

8.1CVSS7AI score0.01579EPSS
Exploits0
OSV
OSV
added 5 days ago3 views

ROOT-OS-UBUNTU-2204-CVE-2021-47658 CVE-2021-47658 in rootio-linux - Patched by Root

Root has patched CVE-2021-47658 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.8AI score0.00193EPSS
Exploits0
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-39042

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

0.00409EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:13 a.m.17 views

CVE-2026-55993

CVE-2026-55993 : Apache Camel Atmosphere Websocket Component contains an SSRF/Information Disclosure issue via improper input validation. The camel-atmosphere-websocket consumer maps inbound WebSocket query parameters into the Camel Exchange header map without a HeaderFilterStrategy, allowing ext...

7.5CVSS6AI score0.00536EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2810 radvd security update

The router advertisement daemon radvd is run by Linux or BSD systems acting as IPv6 routers. It sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6...

8.8CVSS6.2AI score0.00203EPSS
Exploits0References2
Circl
Circl
added 2026/07/05 7:7 p.m.10 views

CVE-2021-4447

creationtimestamp| type| source ---|---|--- 2026-07-05 19:07:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpwbilun7q2i...

8.8CVSS5.9AI score0.00444EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 4:15 p.m.8 views

EUVD-2026-41416

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 4:2 p.m.8 views

EUVD-2026-41409

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.25 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 11:43 p.m.5 views

CVE-2026-50280 Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save check

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS5.9AI score0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54929

Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description A stack-based buffer overflow occurs in the f getlabel function. This issue arises because the exFAT label length XDIR NumLabel is trusted without enforcing the maximum limits defined by the...

7.6CVSS6.4AI score0.00232EPSS
Exploits2References8
OSV
OSV
added 2026/06/30 11:39 p.m.5 views

BIT-GHOST-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 12:0 a.m.16 views

CVE-2026-31016

CVE-2026-31016 is a Cross Site Request Forgery vulnerability affecting Squidex.io Squidex CMS up to version 7.21.0 (and earlier). The issue enables a remote attacker to escalate privileges via the IdentityServer account profile endpoint. The vulnerability is documented with a CVSS v3.1 base score...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References4
CVE
CVE
added 2026/06/26 3:39 p.m.26 views

CVE-2026-9639

CVE-2026-9639 describes a nil-pointer dereference in LXD’s CreateCustomVolumeFromBackup. On Linux, affected versions are up to 6.8 and 5.21. An authenticated user with the ability to can_create_storage_volumes can trigger a denial of service by supplying a specially crafted custom-volume backup t...

6.5CVSS5.7AI score0.00389EPSS
Exploits1References3Affected Software1
Circl
Circl
added 2026/06/26 2:45 a.m.7 views

CVE-2021-47986

creationtimestamp| type| source ---|---|--- 2026-06-26 02:45:21+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mp5wgrp3qi2r...

7.7CVSS5.8AI score0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52843

Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...

6.5CVSS6AI score0.00389EPSS
Exploits1References5
Rows per page
Query Builder