Lucene search
+L

1370 matches found

NVD
NVD
added 2026/05/10 5:16 a.m.16 views

CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS0.00337EPSS
Exploits0References1
NVD
NVD
added 2026/05/10 5:16 a.m.29 views

CVE-2026-7262

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

7.5CVSS0.0078EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2026/05/10 5:16 a.m.10 views

CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6AI score0.0021EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/10 4:28 a.m.9 views

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

6.3CVSS5.8AI score0.00337EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/10 4:28 a.m.10 views

CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

6.3CVSS5.8AI score0.00337EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/10 4:28 a.m.2 views

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

6.3CVSS7.1AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.24 views

PT-2026-39160

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-7262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding...

7.5CVSS5.5AI score0.0078EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.17 views

Slackware Linux 15.0 / current php82 Multiple Vulnerabilities (SSA:2026-127-03)

The version of php82 installed on the remote host is prior to 8.2.31 / 8.4.21. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-127-03 advisory. New php packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

9.8CVSS5.8AI score0.0078EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-6735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to...

8.8CVSS6.3AI score0.0021EPSS
Exploits1References3
NVD
NVD
added 2026/05/07 6:16 a.m.18 views

CVE-2026-8063

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

7.1CVSS0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 4:12 a.m.25 views

EUVD-2026-28326

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016501)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016501 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error inconvert.quoted-printable-decode filter certain data can lead to buffer...

8.2CVSS6.3AI score0.01618EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.48 views

PHP 8.2.x < 8.2.31 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.31. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.31 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

9.8CVSS5.8AI score0.0078EPSS
Exploits1References17
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/21 12:1 p.m.4 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).

Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2024-29371. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In...

7.5CVSS5.6AI score0.00248EPSS
Exploits1Affected Software1
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.6 views

CVE-2026-39882 vulnerabilities

Vulnerabilities for packages: gatekeeper, thanos, amazon-cloudwatch-agent, milvus, buildkitd-fips, prometheus, gitlab-workhorse-ce, datadog-agent-fips, prometheus-fips, tempo-fips, falcosidekick, ingress-nginx-controller, beats, cortex, envoy-ratelimit, op-geth, opentofu, loki-fips,...

5.3CVSS6.2AI score0.0019EPSS
Exploits0
OSV
OSV
added 2026/03/30 4:16 p.m.4 views

UBUNTU-CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.8AI score0.00203EPSS
Exploits0References3
MongoDB
MongoDB
added 2026/03/30 3:28 p.m.13 views

Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.2AI score0.00203EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/30 8:28 a.m.6 views

SUSE CVE-2020-14391

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Custom...

5.5CVSS5.8AI score0.00318EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/18 10:18 p.m.6 views

Moderate: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

7.8CVSS5.8AI score0.00207EPSS
Exploits0References2
Rows per page
Query Builder