Lucene search
K

4173 matches found

RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

8.8CVSS6.9AI score0.02719EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday3 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS6.2AI score0.02719EPSS
Exploits0References4
Nuclei
Nuclei
added 6 days ago210 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.18 views

FortiClient EMS - Authentication Bypass

Detects whether Fortinet hotfix FG-IR-26-099 for CVE-2026-35616 is missing by comparing behavioral responses from a certificate-authenticated endpoint. The template sends X-SSL-CLIENT-VERIFY: SUCCESS without certificate material and checks whether this spoofed header changes server behavior. id:...

9.8CVSS7.4AI score0.88505EPSS
Exploits8References2
RedHat Linux
RedHat Linux
added 2026/07/07 2:35 p.m.6 views

Important: Red Hat Security Advisory: compat-openssl10 security update

An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

8.8CVSS6AI score0.02719EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:36 p.m.12 views

CVE-2026-59713

CVE-2026-59713 (Leantime) describes an OIDC login CSRF vulnerability in the verifyState() method, where the function unconditionally returns true without validating state parameters. This allows attackers to craft malicious callback URLs with attacker-controlled authorization codes to perform ses...

8.6CVSS6AI score0.00153EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/06 8:36 p.m.8 views

CVE-2026-59713 Leantime - OIDC Login CSRF via Unconditional State Verification Stub

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/06 8:58 a.m.5 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS6.7AI score0.02719EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56015

Name of the Vulnerable Software and Affected Versions Leantime affected versions not specified Description An OIDC login CSRF issue exists in the verifyState function, which unconditionally returns true without validating state parameters. This allows attackers to craft malicious callback URLs...

8.6CVSS6.1AI score0.00153EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.3 views

Malicious code in tme-xca-react (npm)

The tme-xca-react package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
Cvelist
Cvelist
added 2026/07/05 5:30 a.m.30 views

CVE-2026-14714 zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...

6.9CVSS0.00453EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 7:12 p.m.4 views

GHSA-GG9X-QCX2-XMRH joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

Summary joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None. HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/rfc7518/jwsalgs.py:62-70 feed whatever OctKey.getopkey... produced into hmac.new..., and...

8.7CVSS5.9AI score
Exploits0References4
OSV
OSV
added 2026/07/01 6:43 p.m.14 views

GHSA-6C87-G9PW-78FX Contrast's Imagepuller registryFor uses unanchored suffix matching, leaking auth credentials and trusted CA configuration to sibling-domain registries

Summary Config.registryFor selected a per-registry credential / CA / mirror block by checking strings.HasSuffixname, fqdn after stripping a single trailing dot. The match has no boundary between the configured FQDN and any preceding characters in the request hostname. A registry configured as...

3.7CVSS5.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with...

8.2CVSS6AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58054

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.9 views

EUVD-2026-39974

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.41 views

CVE-2026-58054

MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53086

Name of the Vulnerable Software and Affected Versions MyBB version 1.8.40 Description An issue exists where users with limited Admin Control Panel ACP access can assign any usergroup to an account during creation or editing. This occurs because the verify usergroup function in the user module...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: require Ethernet MAC header before using ethhdr ip6teui64, xtmac, the bitmap:ip,mac, hash:ip,mac, and hash:mac ipset types, and nflogsyslog access...

9.4CVSS6AI score0.00431EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 10:50 p.m.3 views

GHSA-8JGF-23Q5-X7XX ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass

Summary ExAws.SNS.verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that its host is an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to any endpoint that calls...

8.7CVSS6AI score0.00226EPSS
Exploits0References6
Rows per page
Query Builder