Lucene search
K

4639 matches found

CVE
CVE
added 2026/06/25 3:24 p.m.18 views

CVE-2026-57454

Vim vulnerability CVE-2026-57454 affects 9.2.0320–9.2.0679. A crafted undo or swap file can store a virtual-text property with offset/length outside the line’s property data. On restore/display, Vim converts the offset to a pointer and reads the virtual text without bounds checking, causing an ou...

6.8CVSS5.8AI score0.00119EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:17 p.m.5 views

CVE-2026-54836

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 8:0 a.m.32 views

CVE-2026-46752 Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

10CVSS0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 7:59 a.m.26 views

CVE-2026-54226 Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

6.4CVSS0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 7:59 a.m.8 views

CVE-2026-54226

CVE-2026-54226 — Apache Kvrocks (RESTORE IntSet Integer Overflow) * Affects Kvrocks versions 2.6.0 through 2.15.0. The entry title indicates an integer overflow in RESTORE IntSet that can lead to a remote DoS. The fix is to upgrade to version 2.16.0. No exploitation details or in-the-wild status ...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 4:34 a.m.108 views

CVE-2026-3176

GitLab EE contained a vulnerability CVE-2026-3176 where an authenticated user with limited permissions could access project information due to insufficient authorization checks. Affected releases: GitLab EE 18.6 up to but not including 18.11.6; 19.0 up to but not including 19.0.3; 19.1 up to but ...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52504

Name of the Vulnerable Software and Affected Versions socat versions 1.8.0.0 through 1.8.1.1 Description A heap-based buffer overflow exists in the SOCKS5 DOMAINNAME reply parser during proxy connection setup. The issue stems from a sign-extension flaw where the domain name length byte is read as...

9.8CVSS6.6AI score0.00308EPSS
Exploits0References21
CVE
CVE
added 2026/06/24 9:26 p.m.13 views

CVE-2026-52794

Sentry CVE-2026-52794 describes a ReDoS in the event ingestion pipeline affecting versions from 24.4.0 through 26.5.2, where a regex on attacker-controlled fields can cause excessive CPU time. The flaw has a CVSSv3.1 base score of 7.5 (High) with network attack vector and no privileges required. ...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in...

5.3CVSS6.1AI score0.00237EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 7:26 p.m.30 views

CVE-2026-54326

Pi HTML exports in Pi (pi-coding-agent) from versions 0.74.0–0.78.0 do not consistently reject unsafe Markdown link and image URL schemes, with C0 control characters in the URL scheme able to bypass checks. This can lead to a Cross-Site Scripting (XSS) risk in the exported static HTML if untruste...

2.5CVSS5.8AI score0.00132EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 6:10 p.m.46 views

CVE-2026-54321 Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached...

7CVSS0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 4:16 p.m.11 views

CVE-2025-62180

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...

7.1CVSS0.00215EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 2:37 p.m.6 views

BIT-APISIX-2026-49230 Apache APISIX: Authentication bypass in jwe-decrypt

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

9.1CVSS5.8AI score0.00224EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:47 p.m.4 views

CVE-2026-9071

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/06/22 2:31 p.m.7 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...

5.3CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2026/06/22 2:16 p.m.12 views

CVE-2026-10561

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...

10CVSS0.00502EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 2:10 p.m.14 views

CVE-2026-7664

Summary: IBM Langflow OSS versions 1.0.0–1.8.4 are affected by an unauthenticated access issue due to improper authorization enforcement on the Streamable MCP transport endpoint, potentially allowing access to protected MCP project resources and execution of MCP operations. Affected products/vers...

9.8CVSS5.9AI score0.00277EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:23 p.m.10 views

CVE-2026-48794

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/19 4:16 p.m.16 views

CVE-2026-12619

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

5.4CVSS0.00136EPSS
Exploits0References1
Rows per page
Query Builder