Lucene search
K

1754 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.8 views

CVE-2026-8633

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...

9.8CVSS6.3AI score0.00847EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.7 views

Suricata 8.x < 8.0.5 Multiple Vulnerabilities

The version of OISF Suricata installed on the remote host is 8.x prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities, including: - LDAP transaction state could store an unbounded number of responses. Because LDAP can be processed over UDP, crafted traffic may cause Suricata to...

5.6AI score0.00086EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/01 5:59 p.m.7 views

CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...

9CVSS6.5AI score0.00441EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 5:49 p.m.60 views

CVE-2026-9311

IBM WebSphere Application Server 9.0 and 8.5 are affected by a remote code execution vulnerability (CVE-2026-9311) caused by bypassing security controls. The IBM bulletin assigns CVSS v3.1 base score 9.0 (CRITICAL) with network attack vector, high attack complexity, no privileges required, and re...

9CVSS6.4AI score0.00489EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/01 5:46 p.m.29 views

CVE-2026-8644 IBM WebSphere Application Server is affected by an identity spoofing vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

9.1CVSS0.00318EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 4:51 p.m.9 views

CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...

3.3CVSS5.7AI score0.00232EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:51 p.m.10 views

EUVD-2026-33704

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...

3.3CVSS5.7AI score0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 3:33 a.m.46 views

CVE-2026-48187 Email with special content can lead to DoS

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

5.7CVSS0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 3:32 a.m.13 views

EUVD-2026-33550

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45528

Name of the Vulnerable Software and Affected Versions Nextcloud versions 1.3.6 through 8.3.x Description An improper check in the authentication process allows users provided by LDAP to continue authenticating via user OIDC even after they have been deleted. Recommendations Update to version 8.4....

8.8CVSS5.8AI score0.00193EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.13 views

SUSE CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying - it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

7.5CVSS5.8AI score0.0032EPSS
Exploits1References3
CVE
CVE
added 2026/05/28 3:20 p.m.50 views

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

8.7CVSS5.8AI score0.00223EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.11 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 8:16 p.m.20 views

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 7:29 p.m.31 views

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

7.1CVSS0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 7:27 p.m.34 views

CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

4.8CVSS0.00218EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 5:10 p.m.15 views

EUVD-2026-31917

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

8CVSS6.4AI score0.0026EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 4:58 p.m.36 views

CVE-2026-8855

IBM HTTP Server versions 8.5 and 9.0 are affected by CVE-2026-8855, with remote code execution and denial of service when TLS mutual authentication is configured. The issue is documented by IBM and reflected in NVD with high-severity vectors (NETWORK, no user interaction). The IBM PSIRT bulletin ...

9.8CVSS6.5AI score0.00456EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 4:58 p.m.10 views

CVE-2026-8854 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modmemcache...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

IBM HTTP Server 资源管理错误漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain resource management vulnerabilities that can lead to denial-of-service attacks when attackers have permission to write to certain server...

9.1CVSS5.8AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder