273 matches found

NVD
added 2 days ago | 5 views

CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

CVSS 5.6 | EPSS 0.00078 | Exploits 0 | References 1

CVE
added 2 days ago | 9 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

CVSS 9.5 | AI score 5.9 | EPSS 0.00235 | Exploits 0 | References 1

EUVD
added 2 days ago | 6 views

EUVD-2026-40933

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

CVSS 5.6 | AI score 5.8 | EPSS 0.00078 | Exploits 0 | References 1

CVE
added 2 days ago | 8 views

CVE-2026-10540

CVE-2026-10540 affects Control-M/Enterprise Manager (unsupported versions 9.0.20.x and potentially earlier). The vulnerability stems from weak protections for stored password hashes, potentially allowing offline password recovery if credential data is obtained. The CVSS metrics indicate a Local a...

CVSS 5.6 | AI score 5.8 | EPSS 0.00078 | Exploits 0 | References 1

Cvelist
added 2 days ago | 36 views

CVE-2026-10540 Weak password hash protection in Control-M/Enterprise Manager

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

CVSS 5.6 | EPSS 0.00078 | Exploits 0 | References 1

Vulnrichment
added 2026/06/08 11:45 a.m. | 8 views

CVE-2026-11511 Bolt CMS HTML Attribute TextType.php HTML injection

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

CVSS 5.1 | AI score 5.3 | EPSS 0.00191 | Exploits 0 | References 4

RedhatCVE
added 2026/06/05 7:16 p.m. | 12 views

CVE-2026-42919

A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 7.1 | AI score 5.1 | EPSS 0.00288 | Exploits 0 | References 1

ATTACKERKB
added 2026/06/03 1:16 p.m. | 5 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVSS 3.1 | AI score 5.8 | EPSS 0.00359 | Exploits 0 | References 4 | Affected Software 1

NVD
added 2026/05/19 12:16 p.m. | 14 views

CVE-2026-7860

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

CVSS 5.8 | EPSS 0.00117 | Exploits 0 | References 2

EUVD
added 2026/05/13 6:30 p.m. | 11 views

EUVD-2026-29980

A vulnerability exists in undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.1 | AI score 5.8 | EPSS 0.00277 | Exploits 0 | References 3

Cvelist
added 2026/05/13 2:12 p.m. | 29 views

CVE-2026-41227 BIG-IP HTTP/2 Layer 7 DoS Protection vulnerability

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.00263 | Exploits 0 | References 1

CVE
added 2026/05/13 2:12 p.m. | 17 views

CVE-2026-42919

Affected product: BIG-IP (appliance mode feature). The issue allows an authenticated administrator to bypass appliance mode security and execute arbitrary commands with higher privileges, a control-plane only escalation with no data-plane exposure as described in the advisory. For BIG-IP Next/1...

CVSS 7.1 | AI score 5.5 | EPSS 0.00288 | Exploits 0 | References 1 | Affected Software 21

Cvelist
added 2026/05/13 2:12 p.m. | 31 views

CVE-2026-40629 BIG-IP SSL/TLS vulnerability

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.00324 | Exploits 0 | References 1

ATTACKERKB
added 2026/05/13 2:12 p.m. | 6 views

CVE-2026-42781

When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.1 | AI score 5.8 | EPSS 0.00177 | Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/05/05 6:33 p.m. | 10 views

EUVD-2026-27347

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSION_SAVE_EVERY_REQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

CVSS 2.3 | AI score 5.8 | EPSS 0.00544 | Exploits 0 | References 4

ATTACKERKB
added 2026/05/05 2:49 p.m. | 3 views

CVE-2026-5766

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

CVSS 6.3 | AI score 5.8 | EPSS 0.00423 | Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/05/05 2:49 p.m. | 25 views

CVE-2026-5766

CVE-2026-5766 affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. An ASGI request with a missing or understated Content-Length can bypass FILE_UPLOAD_MAX_MEMORY_SIZE, potentially loading large files into memory and degrading service. The issue is mitigated by applying the patched releases (6.0...

CVSS 6.3 | AI score 5.8 | EPSS 0.00423 | Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/04/29 12:33 p.m. | 6 views

GHSA-5843-P793-GHMM Spring Framework DoS with Multipart Temp Files in WebFlux

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

CVSS 6.5 | AI score 5.8 | EPSS 0.00344 | Exploits 0 | References 3

NVD
added 2026/04/29 12:16 p.m. | 7 views

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

CVSS 6.5 | EPSS 0.00344 | Exploits 0 | References 2

Vulnrichment
added 2026/04/29 10:46 a.m. | 6 views

CVE-2026-22740 Spring Framework DoS with Multipart Temp Files in WebFlux

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

CVSS 6.5 | AI score 5.2 | EPSS 0.00344 | Exploits 0 | References 2