Lucene search
K

4506 matches found

CVE
CVE
added 2026/06/23 2:48 p.m.14 views

CVE-2025-62180

The CVE concerns Pega Platform versions 8.3.0 through Infinity 25.1.2, affected by an authorization weakness that may let authenticated users access additional data via crafted URLs. The vulnerability is described with a high impact on confidentiality (VULNERABLE SYSTEM CONFIDENTIALITY: HIGH) and...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 2:48 p.m.14 views

EUVD-2025-210309

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
Redos
Redos
added 2026/06/23 12:0 a.m.5 views

ROS-20260623-73-0015

Vulnerability in Python 3.12 related to the lack of measures taken to clean data at the control level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...

7.1CVSS6.2AI score0.0029EPSS
Exploits0
NVD
NVD
added 2026/06/22 2:17 p.m.15 views

CVE-2026-56425

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:50 p.m.7 views

EUVD-2026-38237

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.6 views

PT-2026-51334

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Lack of authentication when using the snapshot diff functions allows a local attacker to access information that is otherwise read protected. Recommendations Update to version 1.3.3 or later...

6.9CVSS5.8AI score0.0015EPSS
Exploits0References5
CVE
CVE
added 2026/06/21 3:15 a.m.71 views

CVE-2026-12773

Affected software: litellm MCP Proxy (BerriAI) up to version 1.59.8. The vulnerability lies in UserAPIKeyAuth in litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py, where authentication can be bypassed if an invalid token triggers a swallowed 401/403 exception, allowing unauthen...

9.8CVSS6.7AI score0.00612EPSS
Exploits1References8Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2SESSIONSETUP commands. The issue arises due to the lack of proper locking when performing operations on an object. An attacker can exploit...

9CVSS6.8AI score0.02593EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 3:41 a.m.9 views

EUVD-2026-37835

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

4.3CVSS5.6AI score0.0025EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50740

Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description A Server-Side Request Forgery SSRF issue exists in components that handle outgoing HTTP requests, specifically HTTP Notification Channels, OIDC BackChannel...

2.3CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50550

Name of the Vulnerable Software and Affected Versions CakePHP versions prior to 4.5.11 CakePHP versions 4.6.0 through 4.6.3 CakePHP versions 5.0.0 through 5.1.6 CakePHP versions 5.2.0 through 5.2.12 CakePHP versions 5.3.0 through 5.3.5 Description The getElementFileName function in the View class...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References6
CVE
CVE
added 2026/06/16 7:27 p.m.12 views

CVE-2026-46912

Technical details are not publicly available in the provided documents. Monitor Oracle security alert CSPujun2026.html for updates.

9.3CVSS5.1AI score0.00262EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 1:47 p.m.12 views

NPM: Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

NPM: Nuxt: URL-handling weaknesses in navigateTo and reloadNuxtApp: SSR open redirect, client-side script execution via the open option, and protocol-relative bypass in reloadNuxtApp vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...

6.1CVSS6AI score0.00205EPSS
Exploits0References10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:15 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary spring-boot-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40973, CVE-2026-40975, CVE-2026-40977. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the directory used by...

8.2CVSS5.5AI score0.00312EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.15 views

SUSE CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

3.1CVSS5.5AI score0.00196EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 6:3 p.m.38 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS0.0033EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.16 views

CVE-2026-50087

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS0.00192EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/11 5:46 p.m.19 views

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and...

5.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/11 1:40 p.m.9 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.7AI score0.00728EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/11 5:3 a.m.9 views

CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS5.3AI score0.00229EPSS
Exploits0References1
Rows per page
Query Builder