Lucene search
K

183 matches found

OSV
OSV
added 2026/04/01 9:11 p.m.1 views

GHSA-HVC7-763R-4F3H openssl-encrypt has no owner verification on key revocation — any client can revoke any key

Summary The revokekey method in opensslencryptserver/modules/keyserver/service.py at lines 195-270 accepts a clientid parameter but never verifies that the requesting client is the same as key.ownerclientid. Impact Any authenticated client can revoke any other client's key, as long as they provid...

8.7CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/20 9:5 a.m.9 views

BIT-CEPH-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...

8CVSS5.8AI score0.00646EPSS
Exploits0References3
OSV
OSV
added 2026/01/20 12:15 a.m.8 views

CVE-2026-22219

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

7.7CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/01/20 12:15 a.m.5 views

CVE-2026-22218

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

7.1CVSS0.08843EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/19 11:14 p.m.3 views

CVE-2026-22218

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

7.1CVSS5.5AI score0.08843EPSS
Exploits1References4
CVE
CVE
added 2026/01/19 11:14 p.m.20 views

CVE-2026-22218

Chainlit CVE-2026-22218 affects versions prior to 2.9.4 and is an arbitrary file read in the /project/element update flow. An authenticated client can submit a user-controlled path in a custom Element, causing the server to copy that file into the attacker’s session. The attacker can then retriev...

7.1CVSS5.7AI score0.08843EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:10 a.m.4 views

CVE-2019-16536

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...

8.8CVSS6.9AI score0.00749EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/11/11 1:58 p.m.2 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8CVSS8AI score0.03692EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/11/04 2:45 p.m.3 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8CVSS8AI score0.03692EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/10/29 9:46 a.m.2 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8CVSS8AI score0.03692EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/10/23 8:28 p.m.8 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8CVSS8AI score0.03692EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/10/21 11:58 p.m.1 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8CVSS8AI score0.03692EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-25837

Malware in sbrugna...

6.5CVSS5.6AI score0.01241EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2017-16420

Malware in sbrugna...

6.5CVSS7.3AI score0.01432EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-29308

Malware in sbrugna...

8.8CVSS8.4AI score0.02385EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-19373

Malware in sbrugna...

8.8CVSS6.1AI score0.00749EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-21087

Malware in sbrugna...

6.5CVSS6.3AI score0.01113EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-34092

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/09 12:0 a.m.1 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the key exchange process. An attacker can cause gradual memory exhaustion and potential application crashes by repeatedly initiating key exchanges with incorrect guesses as an...

3.1CVSS6.7AI score0.00375EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/02 4:52 p.m.4 views

PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking

Summary A denial-of-service / out-of-memory vulnerability exists in the STATUSSENDPACKS handling of ResourcePackClientResponsePacket. PocketMine-MP processes the packIds array without verifying that all entries are unique. A malicious non-standard Bedrock client can send multiple duplicate valid...

7.2AI score
Exploits0References5Affected Software1
Rows per page
Query Builder