Lucene search
+L

624 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:23 p.m.12 views

Security Bulletin: Due to the use of Jackson Core, CICS Transaction Gateway Desktop Edition is vulnerable to a Denial of Service (DoS) vulnerability.

Summary Due to the use of Jackson Core, CICS Transaction Gateway Desktop Edition is vulnerable to a Denial of Service vulnerability. Jackson Core has been updated within CICS Transaction Gateway Desktop Edition in order to address the vulnerability. Vulnerability Details ID:WS-2026-0003...

5.8AI score
Exploits0Affected Software1
Snyk
Snyk
added 2026/05/20 3:35 p.m.51 views

User Interface (UI) Misrepresentation of Critical Information

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via UrlSanitizer::parse in the...

7.1CVSS5.8AI score0.00293EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:22 p.m.12 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview org.apache.tomcat:tomcat-websocket is a Tomcat WebSocket JSR356 implementation. Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in WebSocket client during authentication. An attacker can obtain sensitive HTTP...

7.3CVSS5.8AI score0.00548EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-5244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler...

9.8CVSS6.9AI score0.00727EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/06 3:32 p.m.17 views

EUVD-2026-27830

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

5.3CVSS5.6AI score0.00293EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/05 9:17 p.m.7 views

Improper Authentication

Overview github.com/pocketbase/pocketbase/daos is a realtime backend in 1 file Affected versions of this package are vulnerable to Improper Authentication in the OAuth2 autolinking process. An attacker can gain unauthorized access to a victim's account by pre-registering an unverified user with t...

7.6CVSS5.8AI score0.00247EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2026/05/03 8:52 p.m.9 views

CVE-2026-31585 affecting package kernel for versions less than 6.6.137.1-1

CVE-2026-31585 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00125EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 2:49 p.m.14 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to this CVE-2026-30922

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic...

7.5CVSS6.9AI score0.00803EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/27 6:32 p.m.11 views

Wooey has an Incorrect Privilege Assignment issue

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References10Affected Software1
Snyk
Snyk
added 2026/04/17 9:53 p.m.12 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the /dreaming path in the operator.write. An attacker can modify persistent memory dreaming settings by sending write-scoped gateway requests, resulting in...

7.1CVSS5.7AI score0.00213EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/04/14 10:18 p.m.4 views

CVE-2026-35031

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.5AI score0.00753EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/04/14 1:7 a.m.10 views

ai.evolv:ascend-sdk (=0.5.0), app.peac:core (=0.0.1) +2567 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=2.0.0-RC1 <=2.12.4)

org.asynchttpclient:async-http-client MAVEN version =2.0.0-RC1, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =2.2, =2.0, =2.0-RC2 and more Source cves: CVE-2026-40490 Source advisory: SNYK:JAVA-ORGASYNCHTTPCLIENT-16032254...

6.8CVSS5.4AI score0.00326EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.3 views

Dotnetnuke < 10.2.2 Security code analysis rules triggered (GHSA-fcpv-w245-r2q7)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.9AI score
Exploits0References1
Snyk
Snyk
added 2026/04/09 9:31 p.m.7 views

Improper Certificate Validation

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in getSSLHostConfig, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

9.1CVSS5.8AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 8:16 p.m.7 views

CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS0.0504EPSS
Exploits1References18
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.3 views

CVE-2026-29129

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 8:36 a.m.10 views

BIT-CASSANDRA-2026-27315 Apache Cassandra: cqlsh history sensitive information leak

Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...

5.5CVSS5.9AI score0.00162EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/06 9:26 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper handling of input sizes in the parser process. An attacker can cause the application to crash by supplying input larger than the maximum signed integer value, which leads to reading past the end of the...

8.2CVSS5.8AI score0.00275EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 9:26 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the static resource handler on Windows. An attacker can extract NTLMv2 credential hashes by accessing specially crafted remote paths, potentially leading to credential theft. Remediation Upgrade aioht...

8.7CVSS5.9AI score0.00433EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/01 9:12 p.m.7 views

Use of GET Request Method With Sensitive Query Strings

Overview openssl-encrypt is an A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files Affected versions of this...

8.7CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder