Lucene search
K

2855989 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added yesterday25 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00385EPSS
Exploits0References11Affected Software9
BDU FSTEC
BDU FSTEC
added yesterday16 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-15605

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...

3.1CVSS5.5AI score
Exploits0References7
CVE
CVE
added yesterday7 views

CVE-2026-58489

HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export flow created an OAuth2 state value but only checked that it was present rather than validating it against the value expected for the user's session. Because the state was not...

6.8CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-58486

CVE-2026-58486: HedgeDoc prior to 1.11.0 is vulnerable to a YAML alias bomb in note frontmatter. HedgeDoc parses frontmatter with js-yaml.load (js-yaml v3) via @hedgedoc/meta-marked, resolving YAML anchors and potentially expanding a malicious payload into a huge object, consuming CPU on each req...

8.3CVSS6.1AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: Vulnerability in bytes bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the bytes library, which is affected by an integer overflow vulnerability. CVE-2026-25541 Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 ...

7.5CVSS6AI score0.00559EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added yesterday4 views

Security Bulletin: Vulnerability in undici bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the undici library, which is affected by a denial of service vulnerability. CVE-2026-22036 Vulnerability Details CVEID:CVE-2026-22036 DESCRIPTION: Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0,...

7.5CVSS6.7AI score0.00433EPSS
Exploits0Affected Software2
NVD
NVD
added yesterday5 views

CVE-2026-60103

Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short memberindex value in the SDNA block. The memberindex field is used as an array index into...

6.8CVSS
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-60103

Blender 3.0.0–5.1.2 contains an out-of-bounds read via a crafted .blend SDNA block. The signed short member_index is used as an array index into sdna->members[] in sdna_expand_names() without bounds checking, producing an invalid pointer that is then passed to strlen(), causing a SIGSEGV or un...

6.8CVSS6.1AI score
Exploits0References3
Circl
Circl
added yesterday4 views

CVE-2026-57432

creationtimestamp| type| source ---|---|--- 2026-07-13 17:37:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqka7mplwe26 2026-07-13 18:35:15+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mqkdgymh2224...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-61501

Rejetto HFS versions 3.0.0–3.2.0 expose a stored XSS in the admin log viewer: log entries rendered as HTML without sanitization allow a remote unauthenticated attacker to craft a username, write JavaScript to the error log, and execute code in an administrator’s browser when logs are viewed, pote...

6.1CVSS6.3AI score
Exploits0References2
Nuclei
Nuclei
added yesterday12 views

Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass

IKEv1 key exchange contains a broken authentication caused by logic flow weakness in Remote Access and Mobile Access certificate validation, letting unauthenticated remote attackers bypass user authentication and establish VPN connections without valid passwords, exploit requires use of deprecate...

9.3CVSS7.2AI score0.70099EPSS
Exploits5References3
EUVD
EUVD
added yesterday5 views

EUVD-2024-24347

GeoNode: Stored XSS to full account takeover...

6.1CVSS6.4AI score0.00376EPSS
Exploits0References4
OSV
OSV
added yesterday11 views

ROOT-APP-MAVEN-CVE-2026-22751 CVE-2026-22751 in io.root.org.springframework.security:spring-security-core - Patched by Root

Root has patched CVE-2026-22751 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...

4.8CVSS5.4AI score0.00124EPSS
Exploits0
OSV
OSV
added yesterday10 views

ROOT-APP-MAVEN-CVE-2026-54513 CVE-2026-54513 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2026-54513 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00695EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-MAVEN-CVE-2026-54512 CVE-2026-54512 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2026-54512 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00617EPSS
Exploits1
Circl
Circl
added yesterday6 views

CVE-2026-57816

creationtimestamp| type| source ---|---|--- 2026-07-13 12:09:52+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjnvukf5m2y 2026-07-13 21:31:43+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkncjxa5h2a...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43494

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

9.1CVSS6AI score
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-40468

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below...

9.1CVSS6AI score
Exploits0References2Affected Software1
Rows per page
Query Builder