Lucene search
K

14 matches found

Snyk
Snyk
added 5 days ago5 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the OIDC discovery process when the X-Forwarded-Host header is not validated and no allowed-hosts list is configured. An attacker can manipulate the issuer and JWKS URI in the discovery document by supplying a...

8.2CVSS6AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 2:17 a.m.8 views

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

6CVSS0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/04/17 10:12 p.m.11 views

GHSA-939R-RJ45-G2RJ OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins

Summary Workspace provider auth choices could auto-enable untrusted provider plugins. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Non-interactive onboarding could select a provider auth choice shadowed by an untrusted workspace plugin,...

8.8CVSS5.7AI score0.00381EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/11 7:13 a.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration Server

Summary Multiple vulnerabilities were addressed in IBM webMethods Integration Server fixes. Vulnerability Details CVEID:CVE-2025-49128 DESCRIPTION: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version...

9.8CVSS7.7AI score0.06257EPSS
Exploits6Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.6 views

PT-2025-53586

Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 Description The software may have inconsistent permissions between the user interface and backend API. This could allow users to access features that appear disabled, potentially leading to...

3.8CVSS6.5AI score0.00203EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.2 views

PT-2025-34798

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-28 ImageMagick versions prior to 7.1.2-2 Description: ImageMagick is software used for editing and manipulating digital images. A format string bug exists in the InterpretImageFilename function where user...

9.8CVSS7.7AI score0.04065EPSS
Exploits9References73
RedhatCVE
RedhatCVE
added 2025/02/05 7:39 p.m.6 views

CVE-2022-39395

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...

9.9CVSS6.5AI score0.01067EPSS
Exploits0References1
Veeam
Veeam
added 2024/12/03 12:0 a.m.444 views

Release Information for Veeam Backup & Replication 12.3

Requirements You can check the installed build number in the Veeam Backup & Replication Console's Main Menu ≡ under Help About. Release Information 12.3.2.4854 2026-06-08 Security Vulnerabilities CVE-2026-44963 | Severity: Critical 9.4 A vulnerability allowing remote code execution RCE on the...

9.9CVSS8.4AI score0.11609EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.4 views

PT-2024-2730

Name of the Vulnerable Software and Affected Versions Apache Commons Compress versions 1.3 through 1.25.0 Bamboo Data Center and Server versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 Confluence Data Center and Server version 7.14 Description The issue is related to a Loop with Unreachable...

8.1CVSS6.7AI score0.00441EPSS
Exploits0References196
CNVD
CNVD
added 2021/02/01 12:0 a.m.3 views

Command Execution Vulnerability in Tplay Backend

Tplay is a backend management framework based on ThinkPHP 5.0.13 + layui2.2.45 + Mysql development, PHP version required to upgrade to 5.5. A command execution vulnerability exists in Tplay backend. An attacker can exploit this vulnerability to gain server privileges...

7.5AI score
Exploits0
Veeam
Veeam
added 2020/06/04 12:0 a.m.22 views

Release Information for Veeam Agent for Oracle Solaris 2.0

Requirements Upgrade from v1 is not supported, clean installation is required. Upgrade from Veeam Agent for Solaris 2.0 RTM build 2.0.0.123 is possible. Please confirm that you are running version 2.0.0.123 or later prior to upgrading. You can check this using veeamconfig --version in Oracle...

6.5AI score
Exploits0Affected Software1
OSV
OSV
added 2019/03/23 11:3 a.m.7 views

OPENSUSE-SU-2019:0208-1 Security update for runc

This update for runc fixes the following issues: Security vulnerablities addressed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout bsc1121967 - CVE-2018-16873: Fix a remote command executi...

9.3CVSS8.1AI score0.9857EPSS
Exploits33References10
Citrix
Citrix
added 2018/03/06 12:0 a.m.6 views

How to Perform a Partial Site Upgrade in NetScaler SD-WAN 10.0

NetScaler SD-WAN 10.0 has been designed to accommodate large scale deployments, with the capability of supporting up to 2500 sites. The partial site upgrade feature is one enhancement that will accommodate such large scale deployments. This feature allows administrators to stage upgrades at...

6.8AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.13 views

SCVMM 2008 R2 Server (64 bit)

This detects if the Microsoft System Center Virtual Machine Manager 2008 R2 Server product is installed. Also detects that the VMMService is installed this is not installed if "/prep" option is given at setup. This update should not be offered if the VMMService is not installed, only after the...

3.4AI score
Exploits0
Rows per page
Query Builder