Lucene search
K

162453 matches found

CVE
CVE
added 2026/06/04 2:26 a.m.24 views

CVE-2026-41011

The CVE affects BOSH: all versions prior to v282.1.12 (inclusive). PackagePersister.validate_tgz constructs a tar command (tar -tf #{tgz}) using a name derived from release.MF without Shellwords.escape, and passes it to Bosh::Common::Exec.sh (via /bin/sh -c). The Models::Package validation runs a...

8.7CVSS5.8AI score0.00116EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.8 views

SUSE CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

5.8AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.7 views

SUSE CVE-2026-43660

A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.7 views

SUSE CVE-2026-45283

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

6.3CVSS5.7AI score0.00211EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/04 1:47 a.m.11 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS7.1AI score0.00349EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.5 views

MalTree: Tracing Malware Evolution from Embeddings at Scale

Malware detection remains largely reactive: machine learning models trained on known samples degrade as threats evolve. Understanding evolutionary relationships among malware families can inform proactive defense, but traditional reverse engineering can take months to years to uncover such lineag...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46295

Name of the Vulnerable Software and Affected Versions nvm versions prior to 0.40.5 Description Command injection occurs when the software executes arbitrary commands from version strings provided by a configured Node.js/io.js mirror. When commands like nvm install read available versions from the...

7.5CVSS5.7AI score0.00464EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.6 views

PT-2026-49153

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. The decompression-error path in MultiDataInterceptor.ProcessReceivedMessage now releases the global throttler slot before returning guarded defer after StartProcessing, disabled when the asynchronous goroutine takes...

7.5CVSS5.6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46154

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

7.2CVSS5.8AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46846

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46183

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46268

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description Net::CIDR::Set for Perl fails to properly validate network masks. The mask portion may contain non-digits or Unicode digits, such as the Arabic-Indic One U+0661, which are ignored, potentially...

7.3CVSS5.4AI score0.00312EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46879

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score0.00021EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46226

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A URL validation flaw in the dashboard button widget allows a crafted relative-looking URL to be accepted as a local path while browsers interpret it as an external URL. The validation process...

6.1CVSS5.4AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.11 views

PT-2026-46227

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An open redirect occurs in the routeafterlogin function of the UsersController because the value stored in the pre login requested url session key is used as the post-login redirect destination...

6.1CVSS5.5AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46164

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...

7.1CVSS5.8AI score0.00165EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.11 views

Devolutions Server < 2026.1.20 Multiple Vulnerabilities (DEVO-2026-0014)

The version of Devolutions Server installed on the remote host is prior to 2026.1.20. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without...

5.4CVSS5.6AI score0.00184EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

RockyLinux 9 : flatpak (RLSA-2026:21755)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21755 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...

10CVSS8.2AI score0.0168EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.91 views

Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.2 Multiple Vulnerabilities (ESA-2026-35 / ESA-2026-38)

The version of Kibana installed on the remote host is prior to 8.19.16, 9.3.5, or 9.4.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-35 and ESA-2026-38 advisories. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via...

6.5CVSS5.6AI score0.00296EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46236

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A logic error in the CRUD component delete handler allows validation failures to be bypassed when using the HTTP DELETE method. This occurs because missing parentheses in the delete condition...

7.9CVSS5.4AI score0.00197EPSS
Exploits0References3
Rows per page
Query Builder