Lucene search
K

4639 matches found

Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50019

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Web Runtime Security component of JD Edwards EnterpriseOne Tools. An unauthenticated attacker with network access via HTTP can compromise the...

9.3CVSS5.9AI score0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36797

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/15 8:20 p.m.5 views

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow vulnerability discovered by ? in WordPress Npm electron versions = 42.3.1, 42.3.3...

9.3CVSS6AI score0.00253EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-41708

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 12:42 p.m.9 views

CVE-2026-5233 Missing Rate Limiting in Mia Technologies' Pizzy Library

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS5.2AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.34 views

CVE-2026-53520 Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0...

6.5CVSS0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:52 p.m.34 views

CVE-2026-4870 Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser...

7.5CVSS0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:10 p.m.15 views

CVE-2026-6211

CVE-2026-6211 affects Global IT Informatics Services Inc. WEOLL (2.0.9 prior to 3.2.45.33). Root cause: unrestricted upload of files with dangerous types, with ACLs not properly constraining the accessed functionality. Impact: high confidentiality and integrity risk (network-based, low privileges...

8.7CVSS5.3AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:10 p.m.12 views

EUVD-2026-36437

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.9 views

SwiftNIO: Out-of-bounds write via ByteBuffer index and length UInt32 overflow

A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding UInt32.max are passed to some ByteBuffer methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in 2.100.0 and later releases...

5.2AI score0.00042EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/11 2:47 p.m.31 views

CVE-2026-3341 IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 2:41 p.m.10 views

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

7.5CVSS5.5AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 12:28 p.m.10 views

EUVD-2026-36238

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

5.3CVSS5.5AI score0.00417EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48671

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.0.0 through 1.9.2 Description IBM Langflow is susceptible to server-side request forgery SSRF, a flaw where the server can be coerced into making requests to an unintended location. This issue can be triggered v...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.11 views

CVE-2026-2638

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS5.4AI score0.00085EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:39 a.m.11 views

BIT-APACHE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.4AI score0.0071EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.10 views

SUSE CVE-2026-44186

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

6.5CVSS5.4AI score0.00562EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 12:31 a.m.10 views

EUVD-2026-35892

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS5.5AI score0.00262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48533

🚨 CVE-2026-42542 TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are...

7.5CVSS5.3AI score0.00539EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

SpiceDB 授权问题漏洞

SpiceDB is a fine-grained permission database developed by the Authzed team. In versions 1.15.0 to 1.52.0 of SpiceDB, there was an authorization vulnerability. This vulnerability stemmed from the caveat structure, which contained nested lists, potentially leading to improper caching reuse...

2.3CVSS5.3AI score0.00276EPSS
Exploits0References1
Rows per page
Query Builder