Lucene search
K

601 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59148

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: with write methods...

8.8CVSS6AI score0.00173EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42468

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS5.5AI score0.00285EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 12:0 a.m.2 views

CVE-2026-50811

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS6.1AI score0.00278EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56283

Name of the Vulnerable Software and Affected Versions FreeType versions prior to commit 5a280ecde6f324de0d226261036e736e0cb49a71 Description An out-of-bounds read occurs in the TT Get Var Design implementation, which is utilized by FT Get Var Design Coordinates. This issue is located within the...

6.5CVSS6.1AI score0.00278EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2026/07/07 12:0 a.m.5 views

CVE-2026-50811

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS6AI score0.00278EPSS
Exploits0
OSV
OSV
added 2026/07/01 7:14 p.m.5 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS5.9AI score0.00195EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 7:14 p.m.33 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS0.00195EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/01 1:22 a.m.7 views

[SECURITY] Fedora 43 Update: varnish-modules-0.26.0-4.fc43

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

7.5CVSS7.4AI score0.0351EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Oracle Linux 9 : golang (ELSA-2026-22121)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22121 advisory. 1.26.3-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var 1.26.3-1 - Update to Go 1.26.3 fips-1 - Resolves: RHEL-175607 Tenable has extracte...

7.5CVSS6AI score0.00813EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/06/19 6:31 a.m.7 views

Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/19 4:57 a.m.12 views

EUVD-2026-37990

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 7:26 p.m.18 views

CVE-2026-48980

The PAM module pam_usb is affected by a local-access vulnerability in earlier releases (pre-0.9.2) where getenv() in a PAM context returns attacker-controlled values for XRDP_SESSION, DISPLAY, and TMUX when the environment is manipulated by a local user. These values influence local-vs-remote ses...

6.3CVSS5.3AI score0.00127EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/13 1:13 a.m.10 views

[SECURITY] Fedora 44 Update: varnish-modules-0.27.0-4.fc44

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

5.4AI score
Exploits0
OSV
OSV
added 2026/06/12 6:46 p.m.5 views

OPENSUSE-SU-2026:20962-1 Security update for cyrus-imapd

This update for cyrus-imapd fixes the following issues: Changes in cyrus-imapd: - cyrus-imapd don't start because of missing "Requires=var-run.mount" from systemd bsc1251788 Remove var-run.mount from Requires and After - update to version 3.8.6 bugfix release VUL-0: CVE-2025-49812: cyrus-imapd:...

9.8CVSS7.2AI score0.00516EPSS
Exploits0References6
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-46519

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which...

8.8CVSS0.00376EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 10:35 p.m.48 views

CVE-2026-32625

LibreChat vulnerability CVE-2026-32625 affects versions up to 0.8.3 where MCP server URL validation expands ${VAR} against process.env during Zod schema checks. An authenticated user can configure a malicious MCP URL to exfiltrate secrets (CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI) to an attacke...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail...

6.5CVSS5.8AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 8:16 p.m.8 views

DEBIAN-CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00405EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:21 p.m.8 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00405EPSS
Exploits0References6Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed execution with unnecessary privileges. Since Exim operates as root in the spool directory owned by a non-root user, an attacker could write to the /var/spool/exim4/input spool header file. A crafted recipient address in that file could indirectly lead to command...

7.8CVSS7.9AI score0.00404EPSS
Exploits3References1
Rows per page
Query Builder