Lucene search
K

1754 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/08 3:35 a.m.15 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - April 2026 Java CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.7AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/07 2:20 p.m.6 views

CVE-2026-42509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

6.1CVSS5.8AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 11:43 a.m.3 views

BIT-KEYDB-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/07 4:12 a.m.7 views

CVE-2026-8063 Post-auth null pointer dereference when aggregating against a view with empty search pipeline

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/05/07 4:12 a.m.9 views

Post-auth null pointer dereference when aggregating against a view with empty search pipeline

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/07 1:15 a.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References2
Fedora
Fedora
added 2026/05/07 1:9 a.m.48 views

[SECURITY] Fedora 43 Update: nano-8.5-3.fc43

GNU nano is a small and friendly text editor...

5.5CVSS5.8AI score0.00108EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/07 12:57 a.m.24 views

Gotenberg has a Server-Side Request Forgery (SSRF) Issue

Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...

8.2CVSS5.9AI score0.00245EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.22 views

PT-2026-38381

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.30.0 Description The ExifTool metadata write blocklist can be bypassed using group-prefix syntax, allowing an attacker to perform arbitrary file rename, move, hardlink, and symlink creation on the server. The...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.31 views

Gotenberg 参数注入漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained a parameter injection vulnerability. This vulnerability stemmed from the fact that the metadata writing...

10CVSS5.9AI score0.00611EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-23479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from...

8.8CVSS6.4AI score0.01286EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.31 views

Linux Distros Unpatched Vulnerability : CVE-2026-25243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An...

8.8CVSS5.8AI score0.02995EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 5:17 p.m.4 views

ALPINE-CVE-2026-23631

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

8.1CVSS6.1AI score0.01782EPSS
Exploits0References1
CVE
CVE
added 2026/05/05 4:39 p.m.46 views

CVE-2026-23631

CVE-2026-23631 affects the Redis server when using Lua scripting. An authenticated attacker can abuse the master–replica synchronization to trigger a use-after-free on replicas with replica-read-only disabled (or that can be disabled), potentially enabling remote code execution. The issue is miti...

8.8CVSS6.1AI score0.01782EPSS
Exploits0References11Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 4:39 p.m.2 views

CVE-2026-23631

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

6.1CVSS6.1AI score0.01782EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/05 3:16 p.m.11 views

WordPress Mercado Pago payments for WooCommerce plugin <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability

Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability discovered by Muhammad Sharief in WordPress Plugin Mercado Pago payments for WooCommerce versions = 8.7.11...

5.3CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/02 12:23 a.m.6 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: curl: curl-8.20.0-0.1.hum1 aarch64, x8664 libcurl-8.20.0-0.1.hum1 aarch64, x8664 libcurl-devel-8.20.0-0.1.hum1 aarch64, x8664 libcurl-minimal-8.20.0-0.1.hum1 aarch64, x8664 curl-8.20.0-0.1.hum1.s...

7.5CVSS5.8AI score0.00639EPSS
Exploits6References8
Debian CVE
Debian CVE
added 2026/04/30 1:16 p.m.7 views

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

7.2CVSS5.9AI score0.0081EPSS
Exploits1
EUVD
EUVD
added 2026/04/30 1:16 p.m.6 views

EUVD-2026-26375

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

7.2CVSS5.5AI score0.0081EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/29 4:47 p.m.4 views

CVE-2026-6914 MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.1CVSS5.2AI score0.00255EPSS
Exploits0References1
Rows per page
Query Builder