Lucene search
K
RedhatcveRecent

206676 matches found

RedhatCVE
RedhatCVE
•added 2026/06/02 10:3 p.m.•15 views

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS5.8AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•18 views

CVE-2026-37235

FlexRIC v2.0.0 trusts the xappid field from E42 message payloads without binding it to the sender's SCTP association. The validation function validxappid only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xappid ...

7.5CVSS5.8AI score0.0057EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•17 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS5.9AI score0.00084EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•20 views

CVE-2026-10286

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•19 views

CVE-2026-0088

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00079EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•16 views

CVE-2026-0086

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.8CVSS5.9AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•20 views

CVE-2026-0048

In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.8CVSS5.9AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•20 views

CVE-2026-0046

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS5.9AI score0.00076EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•16 views

CVE-2026-5515

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•16 views

CVE-2022-4991

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

7.4CVSS6.3AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•18 views

CVE-2025-48595

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.5AI score0.01714EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•16 views

CVE-2025-32348

In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•15 views

CVE-2026-5516

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

5.9CVSS5.8AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•18 views

CVE-2026-24755

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•13 views

CVE-2026-47674

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•15 views

CVE-2026-44720

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•14 views

CVE-2026-10291

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•14 views

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•16 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•14 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•16 views

CVE-2026-48064

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...

8.1CVSS5.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•15 views

CVE-2026-49139

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7CVSS5.8AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•11 views

CVE-2026-46820

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.5CVSS5.8AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•19 views

CVE-2026-9381

A vulnerability was detected in Edimax BR-6675nD 1.12. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. The attack may be...

9CVSS7.8AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•15 views

CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

8.5CVSS6.2AI score0.02458EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•12 views

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS6AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•15 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS5.9AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•23 views

CVE-2026-46414

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS5.8AI score0.00502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:2 p.m.•14 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

9.9CVSS6AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:1 p.m.•19 views

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:1 p.m.•17 views

CVE-2026-45134

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:1 p.m.•14 views

CVE-2026-10292

A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used...

9CVSS7.8AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 10:1 p.m.•16 views

CVE-2026-44709

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

7.8CVSS6AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 9:58 p.m.•14 views

CVE-2026-43868

A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...

7.5CVSS5.7AI score0.00665EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/02 9:52 p.m.•12 views

CVE-2026-45283

A flaw was found in Nextcloud Server. An authenticated user could exploit this vulnerability to lock or unlock files belonging to other users by manipulating WebDAV Web Distributed Authoring and Versioning paths. This issue also led to the disclosure of lock tokens in error responses, potentially...

6.3CVSS5.6AI score0.00211EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/02 9:52 p.m.•17 views

CVE-2026-45157

A flaw was found in Nextcloud Server. A malicious user with access to a file share could exploit this vulnerability by using the share token to directly access the chunking upload process. This allows the attacker to view temporary part files during ongoing uploads, leading to information...

6.3CVSS5.6AI score0.00231EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•17 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

8.2CVSS5.8AI score0.00345EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•16 views

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

6.5CVSS5.8AI score0.0049EPSS
Exploits3References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•14 views

CVE-2026-37229

FlexRIC v2.0.0 contains a reachable assertion in e2apcreatepdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...

7.5CVSS5.8AI score0.00624EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•13 views

CVE-2026-37228

FlexRIC v2.0.0 contains a reachable assertion in e2aprecvsctpmsg src/lib/ep/e2apep.c. The function allocates a fixed 32KB receive buffer and enforces assertrc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP endpoin...

7.5CVSS6.1AI score0.00642EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•16 views

CVE-2026-37226

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert in Debug builds SIGABRT and dereferenced in Release builds SIGSEGV. A remote unauthenticated attacker can crash the iApp...

7.5CVSS6AI score0.00642EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•16 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS5.7AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•13 views

CVE-2026-10246

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...

5.1CVSS4.1AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•13 views

CVE-2026-37231

FlexRIC v2.0.0 uses a uint16t counter for xappid assignment but stores the value in uint32t message fields. After 65,530+ E42SETUPREQUESTs, the 16-bit counter wraps around and produces duplicate xappids. The iApp port 36422 crashes when attempting to register a duplicate ID in its internal data...

7.5CVSS5.8AI score0.00488EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•14 views

CVE-2026-10245

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•15 views

CVE-2026-37232

An issue was discovered in OpenAirInterface5G 2.4.0 nr-softmodem in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fillRRUPrbTotDl and fillRRUPrbTotUl in openair2/E2AP/RANFUNCTION/O-RAN/ranfunckpmsubs.c lines 182 and 197 compute PRB usage percentages by dividing by...

8.6CVSS5.8AI score0.00393EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•15 views

CVE-2026-37230

FlexRIC v2.0.0 crashes when the near-RT RIC receives a RICINDICATION message with a ranfuncid that does not exist in its registry. The lookup returns NULL, triggering assert in Debug builds SIGABRT or NULL pointer dereference in Release builds SIGSEGV. A remote unauthenticated attacker can crash...

7.5CVSS5.9AI score0.00642EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•14 views

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS5.6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•16 views

CVE-2026-10193

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/02 4:1 p.m.•13 views

CVE-2026-37233

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eqxappricgenid in src/ric/iApp/xappricid.c compares m0-xappid against itself m0-xappid instead of the other argument m1-xappid, effectively ignoring the xApp identity dimension. A malicio...

7.5CVSS5.8AI score0.00454EPSS
Exploits1References1
Total number of security vulnerabilities206676