Lucene search

206309 matches found

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-45743

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

CVSS 8.1, AI score 5.6, EPSS 0.00282
Exploits: 1, References: 1

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-45290

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stal...

CVSS 7.5, AI score 5.5, EPSS 0.00278
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-48920

A flaw was found in the Jenkins Email Extension Plugin. An attacker with the ability to control email content can exploit this vulnerability by inlining images with file: URLs. This allows the attacker to read arbitrary files from the Jenkins controller filesystem, leading to information disclosu...

CVSS 8.8, AI score 5.9, EPSS 0.00299
Exploits: 0, References: 4

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

CVSS 8.1, AI score 5.5, EPSS 0.0025
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-48921

A flaw was found in the Jenkins Pipeline: Groovy Libraries Plugin. This vulnerability allows an attacker, who can control the content of a library used by a Pipeline job, to read arbitrary files from the Jenkins controller filesystem. This could lead to the disclosure of sensitive information...

CVSS 7.5, AI score 5.3, EPSS 0.00301
Exploits: 0, References: 4

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-44839

A flaw was found in RabbitMQ, a messaging and streaming broker. Unsanitized virtual host names allow for XSS in the management UI pages that list virtual hosts if the attacker manages to find a way to force a virtual host to restart. This vulnerability requires high privileges and user...

CVSS 5.6, AI score 5.8, EPSS 0.0018
Exploits: 0, References: 5

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-48925

A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to trigger a build for a pull request...

CVSS 4.3, AI score 5.4, EPSS 0.00109
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-44902

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid...

CVSS 7.5, AI score 5.5, EPSS 0.00455
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:43 p.m.

CVE-2026-48926

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3, AI score 5.5, EPSS 0.00178
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21038

Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory...

CVSS 5.9, AI score 5.4, EPSS 0.00101
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-42791

A flaw was found in Erlang OTP's publickey application, specifically in the Online Certificate Status Protocol (OCSP) response verification. A remote attacker who has obtained the private key of an expired Certificate Authority (CA)-designated OCSP responder certificate can forge OCSP responses. This...

CVSS 6.3, AI score 5.9, EPSS 0.00316
Exploits: 0, References: 9

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21035

Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information...

CVSS 7.5, AI score 5.5, EPSS 0.00298
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21037

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege...

CVSS 7.1, AI score 5.6, EPSS 0.00105
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21034

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

CVSS 4.8, AI score 5.4, EPSS 0.00084
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVSS 7.1, AI score 5.8, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21029

Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...

CVSS 7.8, AI score 5.6, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21036

Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information...

CVSS 6.3, AI score 5.4, EPSS 0.00094
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21028

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

CVSS 5.5, AI score 5.4, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21031

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

CVSS 7.8, AI score 5.5, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21025

Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

CVSS 6.9, AI score 5.4, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21027

Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function...

CVSS 4.8, AI score 5.4, EPSS 0.00084
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVSS 7.1, AI score 5.8, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21026

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

CVSS 6.4, AI score 5.4, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

CVSS 7.8, AI score 5.4, EPSS 0.00094
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-8914

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

CVSS 8.4, AI score 5.5, EPSS 0.00541
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-11369

The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated...

CVSS 7.1, AI score 5.6, EPSS 0.00207
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-25659

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists but the system recovers...

CVSS 7.1, AI score 5.4, EPSS 0.00165
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-25658

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists but the system recovers...

CVSS 7.1, AI score 5.4, EPSS 0.00165
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-25657

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists but the...

CVSS 7.1, AI score 5.4, EPSS 0.00165
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

CVSS 9.8, AI score 5.5, EPSS 0.0046
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

CVSS 10, AI score 5.5, EPSS 0.80425
Exploits: 18, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-49777

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

CVSS 10, AI score 5.4, EPSS 0.01656
Exploits: 2, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

CVSS 3.6, AI score 4.6, EPSS 0.00078
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

CVSS 8.5, AI score 5.5, EPSS 0.00073
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-21017

Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...

CVSS 5.5, AI score 5.4, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVSS 6.9, AI score 5.5, EPSS 0.00414
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 12:43 p.m.

CVE-2026-11346

A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

CVSS 5.3, AI score 5.6, EPSS 0.00226
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:43 a.m.

CVE-2025-15649

A flaw was found in perl-IO-Compress. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing a specially crafted zip file. The IO::Uncompress::Unzip module, which is part of perl-IO-Compress, does not properly handle malformed date information within a zip file'...

CVSS 6.5, AI score 5, EPSS 0.00127
Exploits: 0, References: 6

RedhatCVE • added 2026/06/06 6:43 a.m.

CVE-2026-7762

A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a...

CVSS 9.8, AI score 6, EPSS 0.00567
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:43 a.m.

CVE-2026-7763

A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a...

CVSS 9.8, AI score 5.9, EPSS 0.00536
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:43 a.m.

CVE-2026-48959

A flaw was found in perl-IO-Compress. An attacker can exploit a vulnerability in the IO::Uncompress::Unzip module's fastForward function by providing a specially crafted zip file. When a named entry is extracted, a per-byte read loop occurs, leading to CPU exhaustion. This can result in a Denial ...

CVSS 7.5, AI score 5.6, EPSS 0.00373
Exploits: 0, References: 5

RedhatCVE • added 2026/06/06 6:43 a.m.

CVE-2026-50592

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view)...

CVSS 6.4, AI score 5.4, EPSS 0.00148
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:43 a.m.

CVE-2026-50591

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...

CVSS 5.4, AI score 5.4, EPSS 0.00133
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:42 a.m.

CVE-2026-50593

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...

CVSS 7.3, AI score 5.5, EPSS 0.00112
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:42 a.m.

CVE-2026-21837

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

CVSS 8.8, AI score 5.9, EPSS 0.0092
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:42 a.m.

CVE-2026-21826

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...

CVSS 6.1, AI score 5.5, EPSS 0.00144
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:42 a.m.

CVE-2026-21825

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

CVSS 6.1, AI score 5.5, EPSS 0.00152
Exploits: 0, References: 1

RedhatCVE • added 2026/06/06 6:42 a.m.

CVE-2026-49017

A flaw was found in OpenStack Swift. An authenticated attacker can exploit this vulnerability by sending a specially crafted, truncated aws-chunked PUT request body to the s3api middleware. This action causes an infinite loop within the StreamingInput class, leading to the affected proxy-server...

CVSS 7.1, AI score 5.3, EPSS 0.00322
Exploits: 0, References: 6

RedhatCVE • added 2026/06/06 6:42 a.m.

CVE-2026-48961

A flaw was found in the zipdetails command-line interface (CLI) tool, bundled with IO::Compress for Perl. When processing a specially crafted Info-ZIP Unix Extra Field with an 8-byte User ID (UID) or Group ID (GID), the zipdetails tool attempts to call an undefined subroutine. This can lead to the tool...

CVSS 7.3, AI score 5.7, EPSS 0.00262
Exploits: 0, References: 5

RedhatCVE • added 2026/06/06 6:42 a.m.

CVE-2026-8450

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

CVSS 9.1, AI score 6, EPSS 0.01231
Exploits: 0, References: 6

Total number of security vulnerabilities: 206309