Lucene search
K

5146 matches found

RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-12064

A flaw was found in curl. When a user invokes curl with a schemeless URL and specifies SFTP SSH File Transfer Protocol or SCP Secure Copy Protocol as the default protocol, the tool layer fails to initialize critical SSH security options. This bypasses host verification, allowing curl to connect t...

7.5CVSS5.9AI score0.0048EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-14570

A flaw was found in Crypt::DSA. Versions before 1.22 for Perl use a biased random number generator when creating the Digital Signature Algorithm DSA signing nonce and private key. This bias allows a remote attacker to recover the private key through a lattice attack if they collect a sufficient...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-9079

A flaw was found in curl. When libcurl is instructed to clear proxy authentication credentials, it fails to do so, leaving the old credentials available. This could lead to the unintended reuse of sensitive proxy authentication credentials for subsequent network transfers, potentially resulting i...

9.8CVSS5.8AI score0.00754EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00281EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-9080

A flaw was found in libcurl. When curleasypause is called within the event-based CURLMOPTSOCKETFUNCTION callback, a use-after-free vulnerability is triggered. This occurs because libcurl attempts to store a flag using a pointer to memory that has already been freed. An attacker could potentially...

7.3CVSS6AI score0.00407EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-14759

A flaw was found in radareorg radare2. A local attacker can perform a manipulation in the RBinJava Line Number Table Parser component, specifically within the rbinjavainnerclassesattrcalcsize function. This can lead to a heap-based buffer overflow, resulting in a denial of service. Mitigation...

7.8CVSS5.9AI score0.00126EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-41716

A flaw was found in Spring Data Commons. An attacker can exploit this vulnerability by sending repeated requests with specially crafted strings, which are then permanently retained in the internal property-lookup cache. This can lead to heap exhaustion, resulting in a Denial of Service DoS for th...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-14651

A flaw was found in grass, a Sass compiler. This vulnerability allows a local attacker to cause a Denial of Service DoS by manipulating specific functions within the compiler, such as grasscompiler::selector::extend or grasscompiler::evaluate::visitor. This can lead to the compiler becoming...

4.8CVSS5.8AI score0.00115EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-14650

A flaw was found in Grass. A local attacker could exploit a vulnerability in the UTF-8 Character Handler, specifically within the grasscompiler::rawtoparseerror function, by executing a manipulation. This could lead to a denial of service, making the system or application unavailable to legitimat...

4.8CVSS5.8AI score0.00116EPSS
Exploits0References9
CVE
CVE
added 2 days ago12 views

CVE-2026-6382

The CVE affects multiple elFinder-based WordPress plugins: FileOrganizer (before 1.1.9), Advanced File Manager (before 5.4.12), File Manager Pro (before 2.1.1), and File Manager (before 8.0.4). The root cause is improper escaping of a parameter passed to a shell command during image operations, e...

9.1CVSS6AI score0.00902EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-14753 mjperpinosa stumasy Note Handler/Assignment notes authorization

A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignmentitemid results in authorization...

7.5CVSS0.00309EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58252 Note that Nessus relies on the presence of the package as reported by the...

6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58207 Note that Nessus relies on the presence of the package as reported by the...

6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58214

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58214 Note that Nessus relies on the presence of the package as reported by the...

6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-20243

A flaw was found in ClamAV's ALZ file format parser. An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted ALZ Archived Link Zipped file for scanning. This improper handling of ALZ files can lead to memory corruption, causing the ClamAV scanning...

7.5CVSS5.9AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-58038

A flaw was found in the Wikimedia Foundation Timeline component. This cross-site scripting XSS vulnerability allows a remote attacker to inject malicious scripts into web pages. Successful exploitation could lead to significant impacts such as information disclosure, session hijacking, or...

3.7CVSS5.7AI score0.0024EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client...

6CVSS6AI score0.00521EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-47692

A flaw was found in Envoy. The PROXY Protocol v2 header generator can emit data beyond the maximum allowed length, leading to a mismatch between the actual bytes sent and the length specified in the header. An attacker on an adjacent network could exploit this to smuggle bytes into upstream...

4.8CVSS5.6AI score0.00218EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 6 days ago8 views

CVE-2026-47204

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted Connect protocol request to a direct response route. This action causes the envoy.filters.http.grpcstats filter to crash, leading to a denial of servic...

7.5CVSS5.7AI score0.00448EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a...

6AI score0.00172EPSS
Exploits0References4
Rows per page
Query Builder