Lucene search
K
RedhatcveRecent

206580 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-47335

Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic...

5.5CVSS5.4AI score0.00097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-47317

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

7.5CVSS5.4AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-47119

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...

6.1CVSS5.6AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-47326

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion...

5.5CVSS5.4AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-47328

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmallocd, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata an...

6.1CVSS5.5AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-47308

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9...

7.5CVSS5.4AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-41691

Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

9.1CVSS5.4AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-41664

Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0...

6.6CVSS5.5AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.13 views

CVE-2026-29051

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS5.7AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.9CVSS5.5AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-41961

Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability...

5.9CVSS5.4AI score0.00078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-41233

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS5.5AI score0.00264EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-41969

Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.2CVSS5.4AI score0.00096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-41655

Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...

6.5CVSS5.5AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-41530

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...

4.6CVSS5.2AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-41970

Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...

6.8CVSS5.4AI score0.00131EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.19 views

CVE-2026-41206

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

7.8CVSS6.2AI score0.00185EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41318

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.4AI score0.00195EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.8 views

CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.4AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

4.3CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41426

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.6AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41929

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

6.1CVSS5.6AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.13 views

CVE-2026-41129

Craft CMS is a content management system CMS. Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create...

7CVSS5.4AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.16 views

CVE-2026-41130

Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...

7CVSS5.7AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS5.4AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41004

A flaw was found in Spring Cloud Config Server. When trace logging is enabled, sensitive information is inadvertently written in plain text to the logs. A highly privileged local user could exploit this vulnerability to gain unauthorized access to confidential data, leading to information...

4.4CVSS5AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.5AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41965

Use-After-Free UAF vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability...

5.6CVSS5.4AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41062

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...

6.5CVSS5.6AI score0.00718EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41572

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS5.3AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41932

Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the displayname field before sanitization occurs. Attackers can submit HTML and script markup in the username field durin...

6.1CVSS5.5AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41185

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6.5CVSS5.5AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.13 views

CVE-2026-41671

Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint /modules/sso/index.php/oidc/introspect always returns "active": true for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or...

6.8CVSS5.4AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41662

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

5.2CVSS5.4AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41149

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious HTML through the classDef directive in Mermaid state diagrams. This allows for Document Object Model DOM injection, which escapes the Scalable...

5.4CVSS5.4AI score0.00401EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.8 views

CVE-2026-41499

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parseunamestring remotedop.c. This function processes OS identification data from agents and...

6.5CVSS5.4AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

5.1CVSS5.4AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41141

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.5AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41136

free5GC AMF provides Access & Mobility Management Function AMF for free5GC, an an open-source project for 5th generation 5G mobile core networks. Prior to version 1.4.3, the HTTPUEContextTransfer handler in internal/sbi/apicommunication.go does not include a default case in the Content-Type switc...

6.9CVSS5.5AI score0.00282EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41967

Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability...

5.9CVSS5.4AI score0.00078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41244

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

4.7CVSS5.5AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.8 views

CVE-2026-41127

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...

6.5CVSS5.5AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.4AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41585

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

6.9CVSS5.4AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41954

Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell tmsh command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of...

6.9CVSS5.6AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41509

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in cryptosignopen caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7...

9.8CVSS5.7AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41073

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...

4.6CVSS5.3AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41069

A flaw was found in libheif, a HEIF High Efficiency Image File Format and AVIF file format decoder and encoder. A remote attacker could exploit this vulnerability by providing a specially crafted, malformed HEIF sequence file. This malformed file can trigger an out-of-bounds read during the core...

6.5CVSS4.3AI score0.00253EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41181

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. The errors custom error pages middleware can inadvertently expose end-user credentials. When a backend returns a response matching a configured status range, the middleware forwards the original request's complete header set,...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.13 views

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

5.3CVSS5.3AI score0.00269EPSS
Exploits0References1
Total number of security vulnerabilities206580