Lucene search
K

86 matches found

EUVD
EUVD
added 2026/06/25 9:31 a.m.6 views

EUVD-2026-39331

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are vulnerable to a denial-of-service attack due to very large inputs containing a specific sequence of characters...

7.5CVSS6.6AI score0.01258EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-39546

Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...

7.6CVSS0.00288EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.9 views

CVE-2026-46969

Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials...

7.2CVSS0.00453EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.6 views

CVE-2026-46916

Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite component: Quality Management Specs. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

8.8CVSS0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50041

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Cost Management versions 12.2.3 through 12.2.15 Description An issue exists in the Cost Planning component of the Oracle Cost Management product. A high privileged attacker with network access via HTTP can exploi...

7.2CVSS5.8AI score0.00453EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50062

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue. A low privileged attacker with network...

9.9CVSS5.9AI score0.00402EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.7 views

Alibaba Cloud Linux 3 : 0157: libyang (ALINUX3-SA-2026:0157)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2026:0157 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-44673: libyang is a YANG data modeling...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:6 p.m.8 views

EUVD-2026-36435

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS5.2AI score0.00143EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 8:17 p.m.9 views

UBUNTU-CVE-2026-45300

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS5.5AI score0.00322EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-46837

Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...

8.8CVSS5.6AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-46822

Vulnerability in the Oracle iAssets product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iAssets. While the...

9.9CVSS5.4AI score0.00283EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 4:25 p.m.12 views

Incomplete Comparison with Missing Factors

Overview Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors in the hasvaryheader function. An attacker can gain access to cached responses intended for other users by sending requests with whitespace-padded Vary header values. Remediation Upgrade django...

5.9CVSS5.4AI score0.00354EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/03 2:16 p.m.18 views

PYSEC-2026-197

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:16 p.m.11 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/03 1:16 p.m.36 views

CVE-2026-6873

CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...

4.3CVSS5.8AI score0.00245EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-45944

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description The django.utils.cache.has vary header function does not strip leading or trailing whitespace from Vary response header values before comparison. This allows remote...

5.3CVSS5.6AI score0.00354EPSS
Exploits0References40
NVD
NVD
added 2026/05/28 9:16 p.m.19 views

CVE-2026-46837

Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...

8.8CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 p.m.13 views

CVE-2026-46823

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Orac...

7.7CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:17 p.m.9 views

CVE-2026-46824

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

9.9CVSS5.8AI score0.00264EPSS
Exploits0Affected Software1
Rows per page
Query Builder