
368521 matches found

CVE, added 2 days ago, 14 views

CVE-2026-14631

Vulnerability overview: CVE-2026-14631 affects webpack-dev-server up to version 5.2.5. An unauthenticated peer sending a normal HTTP request with a malformed Host header or a WebSocket upgrade to /ws with a malformed Origin header triggers an uncaught exception in the host-validation path, crashi...

CVSS 5.3, AI score 6, EPSS 0.00308
Exploits: 0, References: 2
CVE, added 2 days ago, 14 views

CVE-2026-14620

webpack-dev-server prior to 5.2.6 exposes two internal endpoints (/webpack-dev-server/open-editor and /webpack-dev-server/invalidate) that perform state-changing actions on any GET request without origin verification. This enables cross-origin interactions when a user visits any website while the...

CVSS 4.7, AI score 6.1, EPSS 0.00116
Exploits: 0, References: 2
CVE, added 2 days ago, 14 views

CVE-2026-14615

Keycloak FGAP v2 implementation flaw exposes child group details via the parent-group children endpoint when FGAP v2 is enabled. The issue occurs because the system does not properly filter child groups by the caller’s per-child permissions, allowing a delegated administrator to view child group ...

CVSS 4.3, AI score 5.9, EPSS 0.00172
Exploits: 0, References: 2
CVE, added 2 days ago, 12 views

CVE-2026-14614

The CVE-2026-14614 entry concerns Keycloak’s admin services, specifically the ClientResource component under FGAP v2. It describes a bypass where a delegated administrator can attach or remove hidden client scopes beyond their visibility/permission, potentially injecting unauthorized data or perm...

CVSS 5.4, AI score 5.9, EPSS 0.00159
Exploits: 0, References: 2
CVE, added 2 days ago, 13 views

CVE-2026-14613

Technical details are not publicly available in the provided documents. Monitor for updates from Red Hat/NVD for affected Keycloak FGAP v2 integration and any patched versions.

CVSS 4.3, AI score 6, EPSS 0.00187
Exploits: 0, References: 2
CVE, added 2 days ago, 14 views

CVE-2026-14612

The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...

CVSS 4.2, AI score 6, EPSS 0.00142
Exploits: 0, References: 2
CVE, added 2 days ago, 10 views

CVE-2026-49813

Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) by an OS command injection vulnerability due to improper neutralization of special elements in commands. The issue can enable arbitrary command executio...

CVSS 6.7, AI score 6, EPSS 0.00492
Exploits: 0, References: 1
CVE, added 2 days ago, 8 views

CVE-2026-14460

CVE-2026-14460 concerns pardus-software from TUBITAK BILGEM Software Technologies Research Institute. The vulnerability is described as a Missing Authorization flaw that allows Argument Injection in pardus-software versions up to and including 1.0.4, with 1.0.5 or later as the fixed release. Affe...

CVSS 8.8, AI score 5.9, EPSS 0.00163
Exploits: 1, References: 1
CVE, added 2 days ago, 10 views

CVE-2026-49814

CVE-2026-49814 affects Dell PowerProtect Data Domain, including versions 7.7.1.0–8.7 and several LTS releases (8.6.1.0–8.6.1.10, 8.3.1.0–8.3.1.30, 7.13.1.0–7.13.1.70). The vulnerability is an OS Command Injection due to improper neutralization of special elements, allowing a high-privilege, remot...

CVSS 7.2, AI score 6.1, EPSS 0.01216
Exploits: 0, References: 1
CVE, added 2 days ago, 10 views

CVE-2026-14459

Vulnerability: TUBITAK BILGEM pardus-software suffers an argument injection due to improper neutralization of command delimiters. Affects pardus-software

CVSS 8.8, AI score 5.9, EPSS 0.00198
Exploits: 1, References: 1
CVE, added 2 days ago, 10 views

CVE-2026-49815

Summary: Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an OS command injection vulnerability due to improper neutralization of special elements in OS commands. A high-privileged attacker with remote ac...

CVSS 7.2, AI score 6.2, EPSS 0.01096
Exploits: 0, References: 1
CVE, added 2 days ago, 9 views

CVE-2026-53478

Summary: CVE-2026-53478 affects Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026: 8.6.1.0–8.6.1.10; LTS2025: 8.3.1.0–8.3.1.30; LTS2024: 7.13.1.0–7.13.1.70) and is caused by improper neutralization of special elements used in an OS command (OS command injection). A high-privilege attac...

CVSS 7.2, AI score 6, EPSS 0.01216
Exploits: 0, References: 1
CVE, added 2 days ago, 9 views

CVE-2026-46463

Dell PowerProtect Data Domain vulnerabilities (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contain an integer overflow/wraparound issue. An unauthenticated, remote attacker could potentially exploit this vulnerability to cause a denial of ...

CVSS 6.5, AI score 6, EPSS 0.00243
Exploits: 0, References: 1
CVE, added 2 days ago, 7 views

CVE-2026-46464

Dell PowerProtect Data Domain contains an improper link resolution before file access vulnerability (CVE-2026-46464) affecting 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. A high‑privileged, remote attacker could cause information disclosure. Th...

CVSS 4.9, AI score 6, EPSS 0.00422
Exploits: 0, References: 1
CVE, added 2 days ago, 7 views

CVE-2026-46465

Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an externally-controlled format string vulnerability. A high-privilege attacker with remote access could exploit this over the network, potentially...

CVSS 5.5, AI score 6, EPSS 0.00238
Exploits: 0, References: 1
CVE, added 2 days ago, 7 views

CVE-2026-46466

CVE-2026-46466 affects Dell PowerProtect Data Domain: 7.7.1.0–8.7; LTS2026: 8.6.1.0–8.6.1.10; LTS2025: 8.3.1.0–8.3.1.30; LTS2024: 7.13.1.0–7.13.1.70. The issue is a use of less trusted source vulnerability that could be exploited by a high-privileged attacker with remote access to cause informati...

CVSS 2.7, AI score 6, EPSS 0.00109
Exploits: 0, References: 1
CVE, added 2 days ago, 9 views

CVE-2026-46467

Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an insertion of sensitive information into log files. A low-privileged, local attacker could exploit this to cause information exposure. The CVE is documen...

CVSS 5.8, AI score 5.9, EPSS 0.00085
Exploits: 0, References: 1
CVE, added 2 days ago, 12 views

CVE-2026-46468

CVE-2026-46468 affects Dell PowerProtect Data Domain: affected versions include 7.7.1.0–8.7, and specific LTS2024/2025/2026 ranges. The issue is an improper link resolution before file access (link following) that can be exploited by a high-privilege, local attacker to cause information exposure....

CVSS 4.4, AI score 5.9, EPSS 0.00133
Exploits: 0, References: 1
CVE, added 2 days ago, 10 views

CVE-2026-56015

CVE-2026-56015 affects Net::IP::LPM versions up to 1.10 for Perl and causes a heap out-of-bounds read when a prefix length is unbounded. The vulnerable path occurs in add() -> addPrefixToTrie() where the prefix is not validated against the IPv4/IPv6 address width before walking the buffer by p...

AI score 6, EPSS 0.00227
Exploits: 0, References: 3
CVE, added 2 days ago, 7 views

CVE-2026-46730

CVE-2026-46730 affects Dell PowerProtect Data Domain: versions 7.7.1.0 through 8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an incorrect authorization vulnerability. A high-privileged attacker with local access could potentially exploit this to ...

CVSS 4.2, AI score 6, EPSS 0.00116
Exploits: 0, References: 1