Lucene search
K

11971 matches found

EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38786

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.10 views

CVE-2026-57297

CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker‑specified URL using attacker‑provided credentials (username, API key, s...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.4 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:9 p.m.4 views

OESA-2026-2692 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:9 p.m.4 views

OESA-2026-2691 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2690 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 12:5 p.m.4 views

RLSA-2026:27842 Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/24 12:5 p.m.13 views

memcached security update

An update is available for memcached. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list memcached is a high-performance, distributed memory object caching system,...

8.1CVSS5.9AI score0.01312EPSS
Exploits0
OSV
OSV
added 2026/06/24 12:3 p.m.5 views

RLSA-2026:27862 Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/24 12:3 p.m.9 views

memcached security update

An update is available for memcached. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list memcached is a high-performance, distributed memory object caching system,...

8.1CVSS5.9AI score0.01312EPSS
Exploits0
OSV
OSV
added 2026/06/24 8:0 a.m.7 views

CURL-CVE-2026-8926 password leak with netrc and user in URL

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is n...

9.1CVSS5.8AI score0.00479EPSS
Exploits1
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38658

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.11 views

RockyLinux 10 : memcached (RLSA-2026:27842)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27842 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the...

8.1CVSS5.9AI score0.01312EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51749

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When configured to use a .netrc file for credentials while simultaneously specifying a URL containing a username but no password e.g., https://[email protected]/, the software may incorrectly...

9.1CVSS5.8AI score0.00479EPSS
Exploits1References27
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.6 views

CSRF vulnerability and missing permission check in contrast-continuous-application-security

contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...

5.4CVSS5.8AI score0.00167EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

RockyLinux 9 : memcached (RLSA-2026:27862)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the...

8.1CVSS5.9AI score0.01312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

AlmaLinux 9 : memcached (ALSA-2026:27862)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the AlmaLinu...

8.1CVSS5.9AI score0.01312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.6 views

AlmaLinux 10 : memcached (ALSA-2026:27842)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27842 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the AlmaLin...

8.1CVSS5.9AI score0.01312EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 11:16 p.m.8 views

CVE-2026-47693

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

6.9CVSS0.00229EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 10:7 p.m.28 views

CVE-2026-47693

CVE-2026-47693 details (Poweradmin) : Poweradmin, a web-based DNS admin tool for PowerDNS, is vulnerable to CSV Injection in its log export endpoints. User-supplied data (notably the username) is written to exported CSVs without sanitizing formula trigger characters (=, +, -, @). When an admin ex...

6.9CVSS5.9AI score0.00229EPSS
Exploits0References3
Rows per page
Query Builder