Lucene search
K
RedhatcveRecent

206704 matches found

RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.14 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-9518

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.19 views

CVE-2026-9416

A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly...

5.3CVSS4.2AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-9410

A vulnerability has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This vulnerability affects unknown code of the file /profile of the component Profile Workflow. Such manipulation of the argument ID leads to improper authorization. It is possible to launc...

5.3CVSS5.4AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9377

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-9370

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

6.3CVSS5.1AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.13 views

CVE-2026-9422

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00304EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9398

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

3.1CVSS5.2AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

9.1CVSS5.9AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-49093

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

7.7CVSS5.8AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-9452

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.01385EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-45297

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.19 views

CVE-2026-9039

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9038

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...

8.6CVSS6.3AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-9346

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has bee...

9CVSS7.5AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-44466

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.13 views

CVE-2026-9404

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...

10CVSS7.1AI score0.01732EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9389

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used...

9CVSS7.8AI score0.00438EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-42398

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS5.8AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-37579

An issue in SMSGate sms-core=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component...

7.3CVSS6.2AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-44463

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-9383

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.19 views

CVE-2026-6053

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables...

5.5CVSS5.8AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.13 views

CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.10 views

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-49094

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.30 views

CVE-2026-49095

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-46526

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

5CVSS5.8AI score0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-44462

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

8.8CVSS6.1AI score0.00438EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-42401

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-42400

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.13 views

CVE-2026-42399

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.11 views

CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-5065

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

8.8CVSS5.8AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.18 views

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.10 views

CVE-2026-45041

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TESTPRIVATEKEY and uses it in production via parselicense to "verify" license tokens. Because the key is embedded in every...

8.7CVSS5.9AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.16 views

CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

10CVSS6.1AI score0.88496EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.11 views

CVE-2026-30761

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

7.3CVSS6.2AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

9.6CVSS6.1AI score0.00317EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.11 views

CVE-2026-33463

Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-2607

IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...

5.1CVSS5.8AI score0.00131EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

7.3CVSS5.8AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.16 views

CVE-2026-30760

An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...

7.3CVSS5.9AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.16 views

CVE-2026-33464

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2025-67903

Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass...

5.3CVSS5.8AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

9.4CVSS5.9AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS6AI score0.01852EPSS
Exploits0References1
Total number of security vulnerabilities206704