Lucene search
K

1701 matches found

EUVD
EUVD
added 12 hours ago5 views

EUVD-2026-43638

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

9.1CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 13 hours ago186 views

Sharp Multifunction Printers - Directory Listing

It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file. id: CVE-2024-33605 info: name: Sharp Multifunction Printers - Directory Listing author: gy741 severity: hig...

7.5CVSS7.1AI score0.06226EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday193 views

Adobe ColdFusion WDDX Deserialization Gadgets

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-44353 info: name: Adobe ColdFusion WDDX...

9.8CVSS7.2AI score0.80178EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 11:16 a.m.9 views

CVE-2026-46587

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS0.00399EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 9:53 a.m.7 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS6.6AI score0.00558EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 9:36 a.m.6 views

EUVD-2026-41866

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS5.9AI score0.00399EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References2
Fedora
Fedora
added 2026/07/04 12:51 a.m.8 views

[SECURITY] Fedora 44 Update: os-autoinst-5^20260601git6ee8da2-1.fc44

The OS-autoinst project aims at providing a means to run fully automated tests. Especially to run tests of basic and low-level operating system components such as bootloader, kernel, installer and upgrade, which can not easily and safely be tested with other automated testing frameworks. However,...

9.8CVSS6.6AI score0.01735EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests

A flaw was found in Next.js. Self-hosted applications utilizing the built-in Node.js server are vulnerable to Server-Side Request Forgery SSRF through specially crafted WebSocket upgrade requests. A remote attacker can exploit this by causing the server to proxy requests to arbitrary internal or...

8.6CVSS6AI score0.38811EPSS
Exploits9References5
RedHat Linux
RedHat Linux
added 2026/07/01 6:20 p.m.5 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 6:20 p.m.5 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/07/01 5:56 p.m.6 views

GeoNetwork has reflected XSS through client-side template injection

Summary It is possible to craft a URL that causes GeoNetwork to reflect attacker-controlled content into an error page in a way that gets evaluated as a client-side template expression. Combined with known AngularJS sandbox-escape techniques, this can be used to execute arbitrary JavaScript in th...

6.2AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54863

Name of the Vulnerable Software and Affected Versions Elasticsearch versions prior to 8.19.17 Elasticsearch versions prior to 9.3.6 Elasticsearch versions prior to 9.4.3 Description An authenticated user can trigger a denial of service by submitting a specially crafted query. This occurs due to...

6.5CVSS5.7AI score0.00347EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/30 3:54 p.m.5 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS5.8AI score0.00412EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:54 p.m.23 views

CVE-2026-58172

CVE-2026-58172 affects Ocelot up to version 24.1.0. A security control bypass allows denied clients to bypass IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen omits SecurityMiddleware, causing requests from blocked IP...

9.3CVSS5.8AI score0.00412EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:14 a.m.2 views

SUSE-SU-2026:22455-1 Security update for helm

This update for helm fixes the following issue - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation bsc1266598. Changes for helm: - update to 3.21.2: choredeps: bump the k8s-io group with 2 updates...

9.6CVSS6AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 9:16 p.m.4 views

UBUNTU-CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References9
CVE
CVE
added 2026/06/29 8:46 p.m.113 views

CVE-2026-55956

CVE-2026-55956 is an improper authorization vulnerability in Apache Tomcat. The issue causes the security constraints configured for the default servlet to ignore certain methods or method omissions, potentially bypassing intended access controls. Affected product ranges include Tomcat versions 1...

6.5CVSS5.7AI score0.0041EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/29 8:46 p.m.3 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/29 8:39 p.m.8 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS5.7AI score0.00413EPSS
Exploits0
Rows per page
Query Builder