Lucene search
K

32429 matches found

RedHat Linux
RedHat Linux
added yesterday5 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.6CVSS6AI score0.00813EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday4 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added yesterday5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday12 views

CVE-2026-42527 Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

0.00311EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-42527

CVE-2026-42527 describes a deserialization of untrusted data in Apache Camel. A permissive default ObjectInputFilter pattern (covering java., javax. , org.apache.camel.**) can serialize HashMap-like structures containing java.net.URL keys, causing DNS lookups as a side-channel via hashCode/equals...

8.1CVSS6AI score0.00311EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday9 views

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

7.6CVSS6AI score0.00813EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday7 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

7.6CVSS6AI score0.00813EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday4 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added yesterday9 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
Nuclei
Nuclei
added yesterday24 views

CandidATS 3.0.0 - Cross-Site Scripting

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.01071EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

Cedar Gate EZ-NET <= 6.8.0 - Cross-Site Scripting

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. id: CVE-2022-23397 info: name: Cedar Gate EZ-NET = 6.8.0 - Cross-Si...

6.1CVSS6.4AI score0.00913EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-56015

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

9.1CVSS0.00227EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-47896

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017. Users are recommended to upgrade to version 4.8.0-beta00018...

8.9CVSS0.00479EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-47898

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

4CVSS0.00134EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-47897

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS0.00385EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago43 views

CVE-2026-47896 Apache Lucene.Net: Unauthenticated arbitrary file read on the Lucene.Net.Replicator replication server

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017. Users are recommended to upgrade to version 4.8.0-beta00018...

8.9CVSS0.00479EPSS
Exploits0References1
Rows per page
Query Builder