Lucene search

19025 matches found

Tenable Nessus
added 2026/05/26 12:0 a.m. | 15 views

IBM WebSphere Application Server 8.5.x / 9.x RCE (7274072)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274072 advisory. - IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and...

9.8 CVSS | 6.5 AI score | 0.00847 EPSS
Exploits: 0 | References: 3

NVD
added 2026/05/24 9:16 a.m. | 18 views

CVE-2026-9369

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermescli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

5.3 CVSS | 0.00228 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/05/24 9:0 a.m. | 25 views

CVE-2026-9369 NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermescli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

5.3 CVSS | 0.00228 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/24 9:0 a.m. | 10 views

CVE-2026-9369

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermescli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

5.3 CVSS | 5.7 AI score | 0.00228 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Microsoft CVE
added 2026/05/23 8:2 a.m. | 13 views

NGINX JavaScript vulnerability

...

9.8 CVSS | 5.8 AI score | 0.00889 EPSS
Exploits: 0

Veracode
added 2026/05/23 5:59 a.m. | 9 views

Path Traversal

Open WebUI is vulnerable to Path Traversal. The vulnerability is due to improper validation and sanitization of uploaded file names derived from HTTP upload requests, which allows an attacker to upload files with crafted dot-segments and traverse outside the intended uploads directory, potentiall...

9.8 CVSS | 5.8 AI score | 0.00336 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/05/22 1:18 p.m. | 8 views

OESA-2026-2401 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

8.8 CVSS | 5.8 AI score | 0.00654 EPSS
Exploits: 2 | References: 10

OSV
added 2026/05/22 1:18 p.m. | 14 views

OESA-2026-2399 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes th...

5.3 CVSS | 5.8 AI score | 0.00485 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/22 1:12 p.m. | 7 views

CVE-2026-8670 Insecure session handling on metrics web server

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...

9.6 CVSS | 5.8 AI score | 0.00216 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/22 1:12 p.m. | 15 views

CVE-2026-8670

The CVE-2026-8670 entry concerns Avantra (Syslink software AG) on Linux and Windows, with an issue described as “Insufficient session expiration,” allowing reuse of session IDs (session replay). Affected release: Avantra before 25.3.1. The CVSSv3.1 vector indicates a Critical impact (HIGH confide...

9.6 CVSS | 5.8 AI score | 0.00216 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/05/22 12:0 a.m. | 8 views

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016720)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016720 advisory. A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because...

9.8 CVSS | 6.4 AI score | 0.03412 EPSS
Exploits: 0 | References: 4

OSV
added 2026/05/21 4:27 p.m. | 10 views

RLSA-2026:18029 Critical: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

8.1 CVSS | 6.1 AI score | 0.61469 EPSS
Exploits: 40 | References: 2

Tenable Nessus
added 2026/05/21 12:0 a.m. | 36 views

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000160874)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160874 advisory. When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP)...

8.7 CVSS | 5.8 AI score | 0.003 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/05/20 3:35 p.m. | 10 views

Arbitrary Argument Injection

Overview: symfony/runtime is an Enables decoupling PHP applications from global state. Affected versions of this package are vulnerable to Arbitrary Argument Injection via SymfonyRuntime::getInput when register_argc_argv=On in web SAPIs. An attacker can modify the Symfony application environment and...

5.4 CVSS | 5.8 AI score
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - vulnerability in jruby

In Ruby, WEBrick::HTTPAuth::DigestAuth from versions 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 causes a denial-of-service attack due to a regular expression issue related to looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the internet or a trusted...

7.8 CVSS | 6.7 AI score | 0.05086 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/19 5:16 p.m. | 15 views

CVE-2026-36829

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...

9.8 CVSS | 0.01268 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/05/19 12:0 a.m. | 15 views

EUVD-2026-30953

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...

9.8 CVSS | 5.8 AI score | 0.01268 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/19 12:0 a.m. | 12 views

PT-2026-41951

Name of the Vulnerable Software and Affected Versions: Panabit PAP-XM320 versions prior to 7.8. Description: An authentication bypass exists in the embedded HTTP server. The server validates session cookies by performing a filesystem existence check based on a user-controlled cookie value. Due to a...

9.8 CVSS | 5.8 AI score | 0.01268 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/05/19 12:0 a.m. | 11 views

Panabit PAP-XM320 path traversal vulnerability

Panabit PAP-XM320 is an enterprise-level network traffic management and bandwidth control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to v7.7 contain a path traversal vulnerability. This vulnerability stems from the use of a file system existence check bas...

9.8 CVSS | 5.8 AI score | 0.01268 EPSS
Exploits: 0 | References: 1

OSV
added 2026/05/19 12:0 a.m. | 9 views

ALSA-2026:19356 Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...

8.2 CVSS | 5.8 AI score | 0.00254 EPSS
Exploits: 1 | References: 4