Lucene search
K

54 matches found

ATTACKERKB
ATTACKERKB
β€’added 5 days agoβ€’6 views

CVE-2026-49815

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command 'OS...

7.2CVSS6.2AI score0.01096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
β€’added 2026/06/22 4:10 p.m.β€’4 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS5.9AI score0.00393EPSS
Exploits1References2Affected Software1
OSV
OSV
β€’added 2026/06/10 10:17 p.m.β€’5 views

DEBIAN-CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
β€’added 2026/06/10 2:31 p.m.β€’9 views

CVE-2026-8335 Missing authentication in Aix-DB

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/09 5:13 p.m.β€’11 views

EUVD-2026-35764

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.9CVSS5.4AI score0.00175EPSS
Exploits0References1
Snyk
Snyk
β€’added 2026/06/06 9:0 p.m.β€’10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
NVD
NVD
β€’added 2026/05/22 2:16 p.m.β€’11 views

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

4.8CVSS0.0014EPSS
Exploits0References2
Cvelist
Cvelist
β€’added 2026/05/22 1:26 p.m.β€’27 views

CVE-2026-8997 Heap Buffer Overflow in vifm

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

4.8CVSS0.0014EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
β€’added 2026/05/22 1:26 p.m.β€’6 views

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

4.8CVSS6AI score0.0014EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
β€’added 2026/05/14 7:50 p.m.β€’10 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume th...

7.5CVSS5.9AI score0.00499EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
β€’added 2026/05/12 7:50 p.m.β€’9 views

CVE-2026-34656

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

4.3CVSS5.8AI score0.00393EPSS
Exploits0References2
OSV
OSV
β€’added 2026/05/12 8:50 a.m.β€’15 views

BIT-LIBPHP-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References6
Positive Technologies
Positive Technologies
β€’added 2026/04/30 12:0 a.m.β€’4 views

PT-2026-36049

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A crash in the FC-SWILS protocol dissector allows for a denial of service. Recommendations Update Wireshark versions 4.6.0 through 4.6.4 to a version...

8.8CVSS6AI score0.0039EPSS
Exploits43References50
Vulnrichment
Vulnrichment
β€’added 2026/04/17 8:12 a.m.β€’7 views

CVE-2025-36568

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with...

7.8CVSS5.7AI score0.0011EPSS
Exploits0References1
OSV
OSV
β€’added 2026/04/09 8:16 p.m.β€’5 views

DEBIAN-CVE-2026-24880

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

7.5CVSS5.2AI score0.00453EPSS
Exploits0References1
NVD
NVD
β€’added 2026/04/03 4:16 p.m.β€’3 views

CVE-2025-68153

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called β€˜charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...

7.1CVSS0.00232EPSS
Exploits0References2
OSV
OSV
β€’added 2026/03/27 3:16 p.m.β€’4 views

UBUNTU-CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.5AI score0.01929EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
β€’added 2026/02/12 12:0 a.m.β€’7 views

GitLab 18.1 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-11865)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker t...

5.3CVSS5.6AI score0.002EPSS
Exploits0References4
OSV
OSV
β€’added 2026/02/03 3:30 p.m.β€’3 views

GHSA-33MW-Q7RJ-MJWJ Django has Inefficient Algorithmic Complexity

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

6.9CVSS7.1AI score0.00993EPSS
Exploits0References7
Packet Storm
Packet Storm
β€’added 2026/02/02 12:0 a.m.β€’139 views

πŸ“„ WordPress Hustle 7.8.4 Credential Disclosure Scanner

WordPress Hustle plugin credential disclosure security scanner that detects the installed plugin version, verifies whether it falls within known vulnerable releases 7.8.0–7.8.3, and scans for sensitive files containing hardcoded HubSpot credentials. The tool also fetches the latest official plugi...

8.6CVSS5.3AI score0.00789EPSS
Exploits3
Rows per page
Query Builder