Lucene search
K

275 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41458

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00162EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.7 views

CVE-2026-45835 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-45835 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.5AI score0.00123EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK:...

3.7CVSS6.1AI score0.01257EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in bind9

The DNS message parsing code in named includes a section whose computational complexity is excessively high. This does not cause problems for typical DNS traffic, but crafted queries and responses may lead to excessive CPU load on the affected named instance by exploiting this flaw. This issue...

7.5CVSS6.7AI score0.01327EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Apache2

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of any exploits that could exploit this vulnerability, but it might be possible to create such exploits. This issue affects Apache HT...

9.8CVSS7.7AI score0.97108EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:3 p.m.9 views

CVE-2026-53634 Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 11:47 p.m.40 views

CVE-2026-41694

Summary: CVE-2026-41694 affects Spring Security SAML, where SAML Responses and parts of LogoutRequests/LogoutResponses are decrypted without requiring a valid signature. This enables an attacker to craft SAML payloads and use the Service Provider as a decryption oracle. Affected versions (per sou...

5.3CVSS5.5AI score0.00137EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/08 3:16 p.m.13 views

EUVD-2026-35093

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

6.5CVSS5.5AI score0.00525EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Checkmk 跨站脚本漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions contain a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability within the URL...

8.5CVSS5.1AI score0.00136EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

8.8CVSS5.5AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 2:15 p.m.9 views

EEF-CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the...

2.1CVSS6AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Mermaid 代码注入漏洞

Mermaid is an open-source application software developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 contain a code injection vulnerability. This vulnerability stems from the default configuration, which allows CSS to b...

5.3CVSS5.9AI score0.00398EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43580

Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description The Export Key functionality contains a flaw that allows the cleartext transmission of sensitive information. Th...

4.9CVSS5.8AI score0.0023EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/26 8:4 a.m.9 views

WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gat versions = 1.16...

5.8AI score0.00348EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Blitz 代码注入漏洞

Blitz is an open-source full-stack Next.js development toolkit developed by Blitz. Versions of Blitz 3.0.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an unknown function in the packages/generator/templates/app/src/app/auth/components/LoginForm.tsx file,...

5.3CVSS5.7AI score0.00336EPSS
Exploits0References4
CVE
CVE
added 2026/05/25 8:19 p.m.41 views

CVE-2026-43828

CVE-2026-43828 affects Apache Shiro. The issue: Shiro-native session manager and Remember-Me manager set cookies (JSESSIONID and rememberMe) without the Secure attribute by default, leaking sensitive cookies over non-HTTPS channels. Affected versions: 1.0 to 2.1.0, and 3.0.0-alpha-1. Remediation:...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-43110

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 Description An issue allows pre-authentication arbitrary file deletion through a session poisoning bypass when using redis or memcache. Session...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References16
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in python-ipaddress

The Lib/ipaddress.py module in Python up to version 3.8.3 incorrectly calculates hash values for the IPv4Interface and IPv6Interface classes. This may allow a remote attacker to cause a denial of service if an application relies on the performance of a dictionary containing IPv4Interface or...

5.9CVSS7AI score0.12826EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.5 views

1g6table (=0.1.0), 7qb (=0.0.17) +1701 more potentially affected by unknown CVE via @antv/hierarchy (>=0.1.2 <=0.7.1)

@antv/hierarchy NPM version =0.1.2, =1.1.0, =1.0.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.1.43, =5.0.48, =0.1.0, =0.5.0-alpha.0, =0.5.1-alpha.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVHIERARCHY-16755057...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.4 views

@antv/gpt-vis (=0.5.0-beta.0), @antv/gpt-vis-ssr (>=0.1.0 <=0.3.8) +6 more potentially affected by unknown CVE via @antv/g6-ssr (>=0.0.16 <=0.1.1)

@antv/g6-ssr NPM version =0.0.16, =0.1.0, =0.0.1, =0.0.1, =0.2.1, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVG6SSR-16754463...

5.5AI score
Exploits0
Rows per page
Query Builder