Lucene search
K

3524 matches found

Nuclei
Nuclei
added 14 hours ago68 views

Issabel Authenticated - Remote Code Execution

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...

9.8CVSS6AI score0.58153EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added yesterday5 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS6AI score0.0026EPSS
Exploits0References6
Nuclei
Nuclei
added 3 days ago16 views

FreePBX >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection

FreePBX Endpoint Manager 17.0.2.36 to = 17.0.2.36 && 17.0.3 - Authenticated Command Injection author: th3y severity: critical description: | FreePBX Endpoint Manager 17.0.2.36 to 17.0.3 contains a command injection caused by improper sanitization in filestore module's testconnection checksshconne...

8.6CVSS7.1AI score0.84618EPSS
Exploits4References3
EUVD
EUVD
added 2026/07/02 7:40 p.m.7 views

EUVD-2026-41425

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References4
CVE
CVE
added 2026/06/26 4:29 p.m.24 views

CVE-2026-57231

CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
Debian
Debian
added 2026/06/16 5:9 p.m.10 views

[SECURITY] [DLA 4631-1] asterisk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4631-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 16, 2026 https://wiki.debian.org/LTS -...

9.8CVSS5.6AI score0.01927EPSS
Exploits4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then any password will successfully match during authentication, instead of being inactive. This flaw allows an attacker to successfully authenticate as a user whose password h...

6.5CVSS6.6AI score0.01428EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/08 11:24 a.m.15 views

CVE-2026-6907

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component incorrectly caches web requests when the Vary header contains an asterisk ''. This error can lead to sensitive private data being stored in the cache and subsequently served to unauthorized users, resulting in...

5.3CVSS5.7AI score0.00358EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39155

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

5.3CVSS5.7AI score0.00358EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.28 views

Python Library Django 5.2.x < 5.2.14 / 6.0.x < 6.0.5 Multiple Vulnerabilities

The detected version of the Django Python package is 5.2.x prior to 5.2.14 or 6.0.x prior to 6.0.5. It is, therefore, affected by multiple vulnerabilities, including: - ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.10 views

Django Uses Cache Containing Sensitive Information

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

5.3CVSS5.7AI score0.00358EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/05/05 4:16 p.m.14 views

PYSEC-2026-55

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served.Earlier, unsupported Django series such as 5.0.x, 4.1.x...

5.3CVSS5.8AI score0.00358EPSS
Exploits0References4Affected Software1
Ubuntu
Ubuntu
added 2026/05/05 3:30 p.m.16 views

USN-8232-1: Django vulnerabilities

It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSIONSAVEEVERYREQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. CVE-2026-35192 Kyle Agronick and Jacob Walls discovered that Django...

6.5CVSS5.8AI score0.00544EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/05 2:50 p.m.55 views

CVE-2026-6907 Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS0.00358EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.12 views

Apache Polaris 输入验证错误漏洞

Apache Polaris is a data management and query service component of the Apache Foundation. Version 1.4.0 of Apache Polaris contains a vulnerability related to input validation. This vulnerability arises from the acceptance of literal asterisk characters in namespace and table names without proper...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.24 views

PT-2026-36669

Name of the Vulnerable Software and Affected Versions Apache Polaris version 1.4.0 Description Apache Polaris allows the use of literal characters in namespace and table names. These characters are reused unescaped in S3 IAM resource patterns and s3:prefix conditions when building temporary S3...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.29 views

PT-2026-36668

Name of the Vulnerable Software and Affected Versions Apache Polaris affected versions not specified Description Apache Polaris issues broad temporary storage credentials during staged table creation before validating or reserving the effective table location. This allows an attacker to direct th...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References16
Fedora
Fedora
added 2026/04/30 1:30 a.m.9 views

[SECURITY] Fedora 42 Update: asterisk-18.26.4-1.fc42

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...

9.8CVSS6.8AI score0.4557EPSS
Exploits14
Fedora
Fedora
added 2026/04/30 1:21 a.m.8 views

[SECURITY] Fedora 43 Update: asterisk-18.26.4-1.fc43

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...

9.8CVSS6.8AI score0.4557EPSS
Exploits14
Fedora
Fedora
added 2026/04/30 12:54 a.m.10 views

[SECURITY] Fedora 44 Update: asterisk-18.26.4-1.fc44

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...

9.8CVSS6.8AI score0.4557EPSS
Exploits14
Rows per page
Query Builder