Lucene search
K

14931 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.10 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-057 (ALASFIREFOX-2026-057)

The version of firefox installed on the remote host is prior to 140.9.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-057 advisory. Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1...

9.8CVSS6.2AI score0.0035EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.7 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3264 (ALAS-2026-3264)

"The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3264 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper...

9.1CVSS7.7AI score0.01557EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.19 views

Amazon Linux 2023 : docker (ALAS2023-2026-1615)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1615 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

9.8CVSS7.3AI score0.08123EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.8 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1600)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1600 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.aud...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.15 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1620)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1620 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.14 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-097 (ALASNITRO-ENCLAVES-2026-097)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-097 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go...

9.8CVSS8AI score0.08123EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.7 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3271 (ALAS-2026-3271)

The version of thunderbird installed on the remote host is prior to 140.9.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3271 advisory. Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 an...

9.8CVSS6.2AI score0.0035EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.12 views

Amazon Linux 2 : vim, --advisory ALAS2-2026-3251 (ALAS-2026-3251)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3251 advisory. A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline ...

8.2CVSS5.8AI score0.0047EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.6 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-111 (ALASDOCKER-2026-111)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-111 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

9.8CVSS8AI score0.08123EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.18 views

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3265 (ALAS-2026-3265)

The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3265 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

9.8CVSS6.1AI score0.00651EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.9 views

Amazon Linux 2 : libpng, --advisory ALAS2-2026-3266 (ALAS-2026-3266)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3266 advisory. Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding...

5.1CVSS5.8AI score0.00195EPSS
Exploits1References4
Amazon
Amazon
added 2026/04/30 12:0 a.m.10 views

Medium: libpng

Issue Overview: Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding getter back into the setter causes the setter to read from a stale pointer after freeing the internal buffer, leading to corrupted chunk data and...

5.1CVSS5.2AI score0.00195EPSS
Exploits1
OSV
OSV
added 2026/04/29 2:48 p.m.5 views

CLSA-2026-1777474126 rsync: Fix of 2 CVEs

CVE-2024-12086: prevent server from reading arbitrary client files via path traversal - CVE-2025-10158: fix invalid access to files array in sender - Add upstream stability fix RsyncProject/rsync PR 706: use-after-free in generator - Enable Amazon Linux 2 ELS...

6.8CVSS7AI score0.01761EPSS
Exploits1References1
OSV
OSV
added 2026/04/29 1:32 p.m.5 views

CLSA-2026-1777469554 rsync: Fix of 2 CVEs

CVE-2024-12086: prevent server from reading arbitrary client files via path traversal - CVE-2025-10158: fix invalid access to files array in sender - Add upstream stability fix RsyncProject/rsync PR 706: use-after-free in generator - Enable Amazon Linux 2 ELS...

6.8CVSS5.9AI score0.01761EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 12:0 p.m.7 views

Malicious code in nicegui (npm)

Malicious npm package published by threat actor "ryanmccollum1" typosquatting the popular Python NiceGUI framework. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/04/29 12:0 p.m.5 views

MAL-2026-3181 Malicious code in period-newline (npm)

Malicious npm package published by threat actor "ryanmccollum1" impersonating a benign text-formatting utility. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 8:58 a.m.8 views

Malicious code in amazon-boto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 649bb559f3078565515a9fee16dbe78e0d1b5575943cbaf020135f8e70e2f17d When using the package, the given AWS credentials are silently exfiltrated to a hardcoded location. This incarnation of the long-running campaign was first...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/04/29 8:58 a.m.8 views

MAL-2026-3148 Malicious code in amazon-boto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 649bb559f3078565515a9fee16dbe78e0d1b5575943cbaf020135f8e70e2f17d When using the package, the given AWS credentials are silently exfiltrated to a hardcoded location. This incarnation of the long-running campaign was first...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 8:0 a.m.7 views

Malicious code in apple-coredata-internal-service (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/29 8:0 a.m.5 views

MAL-2026-3151 Malicious code in apple-cloud-infrastructure-monitor (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

5.9AI score
Exploits0References1
Rows per page
Query Builder