Lucene search
+L

1645 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.15 views

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp versions prior to 0.9.21 contain an integer overflow in the xrdpmmprocessrailupdatewindowtext function. There are no known solutions to this issue. Users are...

9.8CVSS6.9AI score0.00724EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libhttp-daemon-perl

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are vulnerable to a vulnerability that could potentially be exploited to gain privileged access to APIs or corrupt intermediate caches. It’s unclear how severe the risks are; most Perl-based applications are served...

7.3CVSS6.6AI score0.02122EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Upon startup, Redis begins listening on Unix sockets before adjusting its permissions to the configuration provided by the user. If a permissive umask value is used, this can create a race condition that allows another process to establis...

3.6CVSS6.6AI score0.00444EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp versions prior to 0.9.21 contain a bug in the xrdpmmtransprocessdrdynvcchannelopen function. There are no known solutions to this issue. Users are advised to...

9.8CVSS7.5AI score0.00799EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk.Authenticated users can issue HRANDFIELD or ZRANDMEMBER commands with specially crafted arguments to trigger a denial-of-service attack, causing Redis to crash due to an assertion failure. This vulnerability affects Redis versions 6.2 or...

5.5CVSS5.8AI score0.71984EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 9:45 a.m.13 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios. CVE-2026-40175 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

9CVSS6.9AI score0.01815EPSS
Exploits5Affected Software2
Debian
Debian
added 2026/05/15 5:53 p.m.86 views

[SECURITY] [DSA 6274-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6274-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 15, 2026 https://www.debian.org/security/faq -...

8.8CVSS5.9AI score0.0138EPSS
Exploits7
OSV
OSV
added 2026/05/15 4:45 p.m.21 views

GHSA-64RR-PP78-62WW NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

Impact NukeViet CMS , which are stored server-side and executed in the browser of any user who views the content. Who is impacted: - Administrators and moderators who view user-submitted content e.g., contact messages, comments, or any module using the Request class for HTML input. - The Contact...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Unity Linux 20.1070a Security Update: git (UTSA-2026-021356)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021356 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process...

8.8CVSS7.2AI score0.00503EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/05/12 3:33 p.m.15 views

CVE-2026-43515

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from...

9.1CVSS5.8AI score0.01136EPSS
Exploits1
OSV
OSV
added 2026/05/12 3:17 p.m.2 views

CVE-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

7.3CVSS7AI score0.00548EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 3:14 p.m.4 views

CVE-2026-41284 Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade ...

7.5CVSS5.9AI score0.0078EPSS
Exploits0References4
Debian
Debian
added 2026/05/10 4:0 p.m.19 views

[SECURITY] [DSA 6262-1] lcms2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6262-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 10, 2026 https://www.debian.org/security/faq -...

7.5CVSS5.7AI score0.00365EPSS
Exploits1
Debian
Debian
added 2026/05/10 11:13 a.m.66 views

[SECURITY] [DSA 6260-1] tor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6260-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 10, 2026 https://www.debian.org/security/faq -...

9.1CVSS5.9AI score0.0045EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/08 2:27 p.m.36 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.89 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.89 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

7.8CVSS6.1AI score0.96267EPSS
Exploits230References2
RedHat Linux
RedHat Linux
added 2026/05/07 7:48 p.m.46 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.66 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.66 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

7.8CVSS6.1AI score0.96267EPSS
Exploits230References2
Debian
Debian
added 2026/05/07 7:5 p.m.13 views

[SECURITY] [DSA 6252-1] prosody security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6252-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 07, 2026 https://www.debian.org/security/faq -...

7.5CVSS5.8AI score0.00348EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 2:0 p.m.7 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205

Summary IBM Maximo Scheduler Optimizer uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server gateway interface WSGI web...

4.3CVSS5.8AI score0.00374EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 2:38 a.m.14 views

Talos Linux has a local privilege escalation from untrusted workloads

Summary A vulnerability in the Linux kernel's algifaead subsystem CVE-2026-31431, "copy.fail" allows an unprivileged container workload to corrupt arbitrary file page-cache pages via the AFALG crypto interface and splice. On Talos Linux, this vulnerability can be chained into a complete node...

7.8CVSS8AI score0.96267EPSS
Exploits230References6Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/06 7:32 p.m.9 views

@cedarjs/api-server (>=1.0.0-canary.12863 <=9.0.0-canary.1784), @cedarjs/cli (>=1.0.0-canary.12863 <=9.0.0-canary.1784) +12 more potentially affected by CVE-2026-23870 via react-server-dom-webpack (>=19.2.1 <=19.2.4)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =3.0.0-canary.13429, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

7.5CVSS5.8AI score0.01533EPSS
Exploits1
Rows per page
Query Builder