#vulnerability - Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vulnerability, aggregated by home.social.
-
EUVD-2026-33030
Score: 6.5/10 (CVSS v3.1)
Product: Kibana, Kibana, Kibana
Vendor: Elastic
Updated: 2026-05-28
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization ch...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33030
-
EUVD-2026-33031
Score: 6.5/10 (CVSS v3.1)
Product: Kibana, Kibana
Vendor: Elastic
Updated: 2026-05-28
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a speci...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33031
-
EUVD-2026-33032
Score: 7.7/10 (CVSS v3.1)
Product: Kibana, Kibana
Vendor: Elastic
Updated: 2026-05-28
Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kib...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33032
-
EUVD-2026-33033
Score: 7.2/10 (CVSS v3.1)
Product: Kibana, Kibana, Kibana
Vendor: Elastic
Updated: 2026-05-28
Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33033
-
EUVD-2026-33034
Score: 6.5/10 (CVSS v3.1)
Product: Kibana
Vendor: Elastic
Updated: 2026-05-28
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections manag...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33034
-
EUVD-2026-33035
Score: 6.3/10 (CVSS v3.1)
Product: Kibana
Vendor: Elastic
Updated: 2026-05-28
Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress control...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33035
-
EUVD-2026-33036
Score: 9.8/10 (CVSS v3.1)
Product: Oracle Hospitality OPERA 5 Property Services, Oracle Hospitality OPERA 5 Property Services, Oracle Hospitality OPERA 5 Property Services (+2 more)
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33036
-
EUVD-2026-33037
Score: 7.9/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33037
-
EUVD-2026-33038
Score: 8.1/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Or...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33038
-
EUVD-2026-33039
Score: 9.9/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Or...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33039
-
EUVD-2026-33040
Score: 9.8/10 (CVSS v3.1)
Product: Oracle Payments
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33040
-
EUVD-2026-33041
Score: 7.4/10 (CVSS v3.1)
Product: Oracle Payments
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with netwo...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33041
-
EUVD-2026-33042
Score: 9.1/10 (CVSS v3.1)
Product: Oracle Internet Procurement Connector
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerabilit...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33042
-
EUVD-2026-33043
Score: 8.5/10 (CVSS v3.1)
Product: Oracle Financials Common Modules
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33043
-
EUVD-2026-33044
Score: 7.7/10 (CVSS v3.1)
Product: Oracle Financials Common Modules
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33044
-
EUVD-2026-33045
Score: 9.9/10 (CVSS v3.1)
Product: Oracle iAssets
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33045
-
EUVD-2026-33046
Score: 7.7/10 (CVSS v3.1)
Product: Oracle Public Sector Financials (International)
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitabl...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33046
-
EUVD-2026-33047
Score: 9.9/10 (CVSS v3.1)
Product: Oracle Universal Work Queue
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerabilit...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33047
-
EUVD-2026-33048
Score: 8.8/10 (CVSS v3.1)
Product: Oracle Payroll
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33048
-
EUVD-2026-33049
Score: 8.8/10 (CVSS v3.1)
Product: Oracle Payroll
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33049
-
EUVD-2026-33050
Score: 8.1/10 (CVSS v3.1)
Product: Oracle Payroll
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33050
-
EUVD-2026-33051
Score: 7.5/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33051
-
EUVD-2026-33052
Score: 5.3/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33052
-
EUVD-2026-33013
Score: 9.0/10 (CVSS v3.1)
Product: Oracle Database Server
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compro...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33013
-
EUVD-2026-33015
Score: 7.5/10 (CVSS v3.1)
Product: Oracle Database Server
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromi...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33015
-
EUVD-2026-33014
Score: 7.5/10 (CVSS v3.1)
Product: Oracle Database Server
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromi...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33014
-
CVE-2026-45047 - High (7.5)
bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&request) without restricting the maximum read si...
https://www.thehackerwire.com/vulnerability/CVE-2026-45047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
EUVD Daily CVSS Summary
Average Score: 6.96/10 (Medium)
Vulnerabilities: 397
Min: 2.7 | Max: 10.0
Date: 2026-05-27
-
Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault
Read on HackerWorkspace: https://hackerworkspace.com/article/vaultjacking-one-captured-pin-the-entire-google-password-manager-vault
-
Apparently, you can be IDed by what your SSD does
Websites have a new way to spy on visitors: analyzing their SSD activity
#Websites #Spyware #SSD #Hardware #Storage #Privacy #Vulnerability #Security #Surveillance #Tech
-
AI-Assisted Exploit Development Outpaces Detection
https://www.darkreading.com/threat-intelligence/ai-assisted-exploit-development-scanner-detection
Read on HackerWorkspace: https://hackerworkspace.com/article/ai-assisted-exploit-development-outpaces-detection
-
EUVD Daily CVSS Summary
Average Score: 6.74/10 (Medium)
Vulnerabilities: 286
Min: 1.8 | Max: 10.0
Date: 2026-05-26
-
CVE-2026-42735 - High (8.2)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation. This issue affects KiviCare: from n/a through <= 4.3.0.
https://www.thehackerwire.com/vulnerability/CVE-2026-42735/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
CVE-2026-42755 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection. This issue affects TableOn: from n/a through <= 1.0.5.1.
https://www.thehackerwire.com/vulnerability/CVE-2026-42755/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
CVE-2026-42748 - Critical (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server. This issue affects WPify Woo Czech: from n/a through <= 5.4.1.
https://www.thehackerwire.com/vulnerability/CVE-2026-42748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack