Lucene search
K

162637 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

RockyLinux 10 : postgresql16 (RLSA-2026:19010)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19010 advisory. postgresql: PostgreSQL oidvector discloses a few bytes of memory CVE-2026-2003 postgresql: PostgreSQL missing validation of multibyte character length...

8.8CVSS6.3AI score0.01208EPSS
Exploits3References9
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46127

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.94.0 Description The HTML backend fails to perform sufficient validation during resource handling. This allows local file system access via file:// URIs when enable local fetch is set to True, and enables path...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.7 views

MBS多款产品 安全漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities. These vulnerabilities stem from insufficient validation of user-controlled inputs using the ugw-logstop method, which could...

8.1CVSS5.5AI score0.0037EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.8 views

AlmaLinux 10 : flatpak (ALSA-2026:21757)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21757 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...

10CVSS8.2AI score0.0168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

MiracleLinux 8 : flatpak-1.12.9-4.el8_10 (AXSA:2026-753:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-753:02 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on...

10CVSS8.2AI score0.0168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.10 views

PT-2026-45961

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow origin pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This...

6.1CVSS6.6AI score0.00197EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.7 views

Cisco Webex Meetings 跨站脚本漏洞

Cisco Webex Meetings is a video conferencing solution provided by the American company Cisco. Cisco Webex Meetings has a cross-site scripting vulnerability, which stems from insufficient user input validation. This vulnerability could allow unauthenticated remote attackers to carry out cross-site...

6.1CVSS5.1AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-45988

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings affected versions not specified Description Insufficient validation of user input in the web-based user interface allows an unauthenticated remote attacker to conduct a cross-site scripting XSS attack. An attacker could...

6.1CVSS6AI score0.00184EPSS
Exploits0References6
CVE
CVE
added 2026/06/03 12:0 a.m.26 views

CVE-2026-37460

CVE-2026-37460 affects FRRouting (FRR) stable/10.0–10.6. The issue is in the rfapiRibBi2Ri() function (rfapi_rib.c) where missing input validation can be triggered by a crafted BGP UPDATE message, leading to Denial of Service. Connected sources consistently describe the same flaw and affected ran...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/02 11:27 p.m.43 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 11:27 p.m.7 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 11:16 p.m.14 views

CVE-2026-32625

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS0.0294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:52 p.m.12 views

CVE-2026-2614

A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the createmodelversion handler by including a specific tag, mlflow.prompt.isprompt, in a CreateModelVersion request. This bypasses source path validation, allowing the attacker to specify an arbitrary...

7.5CVSS7.1AI score0.00657EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/02 10:35 p.m.10 views

EUVD-2026-34046

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1
CVE
CVE
added 2026/06/02 10:35 p.m.37 views

CVE-2026-32625

LibreChat vulnerability CVE-2026-32625 affects versions up to 0.8.3 where MCP server URL validation expands ${VAR} against process.env during Zod schema checks. An authenticated user can configure a malicious MCP URL to exfiltrate secrets (CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI) to an attacke...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.14 views

CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

7.5CVSS5.8AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 10:1 p.m.8 views

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

5.9AI score0.0065EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 8:36 p.m.10 views

EUVD-2026-34032

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 8:36 p.m.7 views

CVE-2026-45289 CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 8:36 p.m.34 views

CVE-2026-45289 CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS0.0014EPSS
Exploits0References1
Rows per page
Query Builder