Lucene search
K
RedhatcveRecent

206548 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-42506

A flaw was found in golang.org/x/net/html. When parsing arbitrary HTML that is subsequently rendered, an unexpected HTML tree can be generated. A remote attacker could leverage this vulnerability to execute Cross-Site Scripting XSS attacks in applications that attempt to sanitize input HTML befor...

6.1CVSS6AI score0.00188EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•8 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...

9CVSS5.5AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•8 views

CVE-2026-42502

A flaw was found in golang.org/x/net/html. This vulnerability allows an attacker to manipulate how HTML is processed and displayed. By providing specially crafted HTML, an attacker can cause an unexpected structure in the rendered output. This can lead to Cross-Site Scripting XSS attacks, where...

6.1CVSS6AI score0.00178EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-42873

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

5.4AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•14 views

CVE-2026-42499

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

7.5CVSS5.4AI score0.00798EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•13 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•18 views

CVE-2026-42040

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

3.7CVSS5.5AI score0.00217EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.4AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•13 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

4.3CVSS5.4AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-42448

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS5.5AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-42480

A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...

5.5CVSS5.5AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-2900

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or dele...

2.7CVSS5.5AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-2401

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker...

5CVSS5.4AI score0.00103EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-42670

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...

7.5CVSS5.4AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-20685

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

6.5CVSS5.4AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

4.3CVSS5.4AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

7.5CVSS5.6AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-20449

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

6.5CVSS6.1AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-20456

In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338...

5.5CVSS5.6AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

4.3CVSS5.5AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-42626

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 JetDirect/RAW printing. An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's...

5.9CVSS5.5AI score0.0016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-20450

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...

6.5CVSS5.7AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-24069

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise KOP was affected before 2.8.2509.4...

5.4CVSS5.5AI score0.00189EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-42471

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...

8.1CVSS5.5AI score0.01757EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•15 views

CVE-2026-46595

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS6.5AI score0.0044EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-42497

A flaw was found in perl-Archive-Tar. This vulnerability allows an attacker to craft a malicious tar archive that, when extracted, can create hardlinks to arbitrary files outside the intended extraction directory. This could lead to the modification of sensitive files on the system, potentially...

7.5CVSS5.5AI score0.00417EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•40 views

CVE-2026-42479

An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...

5.5CVSS5.5AI score0.00099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-42503

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This c...

8.8CVSS5.7AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-42521

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 both inclusive invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure...

6.5CVSS5.6AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-28577

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00067EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•13 views

CVE-2026-24710

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS...

6.1CVSS5.4AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-24661

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

6.5CVSS5.5AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-28964

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

7.5CVSS5.4AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-28919

A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges...

7.8CVSS5.4AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-46597

A flaw was found in golang.org/x/crypto/ssh. A remote attacker could send specially crafted inputs to the AES-GCM packet decoder. This could lead to an incorrectly placed cast from bytes to an integer, causing a server-side panic and resulting in a Denial of Service DoS for the affected system...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•7 views

CVE-2026-28586

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.6AI score0.00064EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•8 views

CVE-2026-46598

A flaw was found in golang.org/x/crypto/ssh/agent. An attacker could provide specially crafted inputs that, when processed, lead to the creation of an ed25519.PrivateKey by casting malformed wire bytes. This improper input handling can cause the program to panic and crash, resulting in a Denial o...

5.3CVSS5.3AI score0.00313EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•13 views

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.5CVSS5.4AI score0.00416EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-28986

A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination...

7.5CVSS5.4AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-46741

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the...

7.5CVSS5.5AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-28954

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks...

7.5CVSS5.4AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-28990

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory...

7.5CVSS5.4AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-28924

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent...

7.5CVSS5.4AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-28860

The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A local attacker may be able to modify the state of the...

7.5CVSS5.4AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•10 views

CVE-2026-28581

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...

4CVSS5.7AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-28969

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system...

7.5CVSS5.4AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•11 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

6.5CVSS5.5AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-28897

A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system...

6.2CVSS5.7AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:46 p.m.•12 views

CVE-2026-28908

A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system...

7.5CVSS5.4AI score0.00483EPSS
Exploits0References1
Total number of security vulnerabilities206548