Lucene search
K

2953 matches found

OSV
OSV
added 2026/03/26 5:32 p.m.5 views

CVE-2026-33503 Ory Kratos has a SQL injection via forged pagination tokens

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS6.4AI score0.00252EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/26 4:39 p.m.6 views

EUVD-2026-16250

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS5.8AI score0.00248EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-25347 WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through = 2026.1.0...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.7 views

Debian dsa-6174 : spip - security update

The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6174 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6174-1 [email protected] https://www.debian.org/security/...

8.8CVSS5.7AI score0.00239EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 9:35 p.m.23 views

CVE-2026-32887

The Connected document details a concurrency vulnerability in the Effect ecosystem where AsyncLocalStorage (ALS) context is not properly propagated across fibers in a web handler under concurrent load. Root cause: a scheduler drains multiple fiber continuations in a single drain cycle, causing AL...

7.4CVSS5.8AI score0.0027EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/13 7:53 p.m.9 views

CVE-2025-13778

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

7.1CVSS0.00274EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 1:8 p.m.5 views

CVE-2025-13778 Device Reboot Control

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

7.1CVSS5.8AI score0.00274EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/12 10:39 p.m.7 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +399 more potentially affected by CVE-2026-1526 via undici (>=7.0.0-alpha.3 <=7.22.0)

undici NPM version =7.0.0-alpha.3, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.1, =0.0.2, =0.1.0, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =0.5.0, =1.0.1, =2.8.7 and more Source cves: CVE-2026-1526 Source advisory: SNYK:JS-UNDICI-15518068...

7.5CVSS7AI score0.0115EPSS
Exploits0
Snyk
Snyk
added 2026/02/27 11:50 a.m.1 views

Improper Handling of Case Sensitivity

Overview @whyour/qinglong is a Timed task management platform supporting Python3, JavaScript, Shell, Typescript Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity. due to the case-sensitive string matching in authentication middleware. A remote attacker can...

10CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/02/27 7:4 a.m.2 views

SUSE-SU-2026:0674-1 Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.5 fixes one security issue The following security issue was fixed: - CVE-2025-38129: pagepool: fix use-after-free in pagepoolrecycleinring bsc1258139...

7.8CVSS7.1AI score0.00161EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/02/26 10:10 p.m.13 views

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-27903 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-27903 Source advisory: OSV:GHSA-7R86-CG39-JMMJ...

7.5CVSS7AI score0.00517EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/26 3:16 p.m.7 views

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @cedarjs/cli-storybook-vite (>=1.0.0-canary.12742 <=1.0.0-canary.12784) +15 more potentially affected by CVE-2026-27148 via storybook (>=8.7.0-alpha.0 <=9.1.18)

storybook NPM version =8.7.0-alpha.0, =0.0.1, =1.0.0-canary.12742, =2.0.0-beta.3, =0.0.2-alpha.0, =1.0.0, =0.1.80, =9.0.0-alpha.0, =8.7.0-alpha.0, =9.0.0, =9.0.0-alpha.0, =1.2.1, =0.0.75-beta.11, =1.1.3-beta.3 and more Source cves: CVE-2026-27148 Source advisory: OSV:GHSA-MJF5-7G4M-GX5W...

9.6CVSS5.7AI score0.00542EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/26 12:17 a.m.9 views

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @cedarjs/cli-storybook-vite (>=1.0.0-canary.12742 <=1.0.0-canary.12784) +15 more potentially affected by CVE-2026-27148 via storybook (>=9.0.0-alpha.0 <=9.1.18)

storybook NPM version =9.0.0-alpha.0, =0.0.1, =1.0.0-canary.12742, =2.0.0-beta.3, =0.0.2-alpha.0, =1.0.0, =0.1.80, =9.0.0-alpha.0, =9.0.0, =9.0.0, =9.0.0-alpha.0, =1.2.1, =0.0.75-beta.11, =1.1.3-beta.3 and more Source cves: CVE-2026-27148 Source advisory: SNYK:JS-STORYBOOK-15353401...

9.6CVSS5.7AI score0.00542EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/24 5:0 p.m.22 views

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements Element.runmethod, AgGrid.rungridmethod, EChart.runchartmethod, and others use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

6.1CVSS0.00163EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/02/20 5:0 a.m.4 views

CVE-2026-2739

This affects versions of the package bn.js before 5.2.3. Calling maskn0 on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely...

6.9CVSS5.2AI score0.00467EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-2739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects versions of the package bn.js before 5.2.3. Calling maskn0 on any BN instance corrupts the internal state, causing toString, divmod, and other...

6.9CVSS6AI score0.00467EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-20998

Name of the Vulnerable Software and Affected Versions bn.js versions prior to 5.2.3 Description The bn.js package is susceptible to a state corruption issue. Calling the maskn0 function on any BN instance corrupts the internal state. This corruption causes methods like toString, divmod, and other...

8.7CVSS5.2AI score0.00521EPSS
Exploits1References207
OSV
OSV
added 2026/02/19 11:16 p.m.7 views

AZL-78216 CVE-2026-26958 affecting package telegraf 1.31.0-15

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...

6.3CVSS5.7AI score0.00366EPSS
Exploits0References1
Photon
Photon
added 2026/02/19 12:0 a.m.8 views

Low Photon OS Security Update - PHSA-2026-5.0-0767

Updates of 'glib' packages of Photon OS have been released...

2.8CVSS5.5AI score0.00139EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.9 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2026-096 (ALASECS-2026-096)

The version of oci-add-hooks installed on the remote host is prior to 0-0.7.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-096 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service wh...

10CVSS5.9AI score0.01945EPSS
Exploits2References10
Rows per page
Query Builder