Lucene search
K

2223 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Debian dla-4526 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4526 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4526-1 [email protected]...

9.8CVSS6AI score0.0035EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.3 views

Mozilla Firefox < 150.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 150.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-30 advisory. - Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability w...

9.8CVSS6.2AI score0.04938EPSS
Exploits1References44
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.9 views

securedrop-client 安全漏洞

Securedrop-client is an open-source application developed by the Freedom of the Press Foundation. Versions of Securedrop-client prior to 0.17.4 contain security vulnerabilities. These vulnerabilities stem from improper filename validation during the gzip archive extraction process. Allowing...

7.5CVSS5.9AI score0.00439EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 6:31 p.m.8 views

EUVD-2026-23448

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.11 views

PT-2026-33465

Name of the Vulnerable Software and Affected Versions WP Customer Area versions prior to 8.3.5 Description Insufficient file path validation in the ajax attach file function allows authenticated attackers with roles granted by an administrator, such as Subscriber, to read or delete arbitrary file...

8.8CVSS6.2AI score0.00968EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

GLSA-202604-03 : FUSE: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202604-03 FUSE: Multiple Vulnerabilities The following vulnerabilities have been discovered in FUSE: a NULL pointer dereference when running with the NUMA architecture and a use-after-free. The worst of which can lead to code...

7.8CVSS6AI score0.0031EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2026/04/17 12:0 a.m.12 views

DTrace: Arbitrary file creation via dtprobed

Background DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper. Descriptio...

5.5CVSS5.9AI score0.00181EPSS
Exploits0
EUVD
EUVD
added 2026/04/16 3:31 p.m.5 views

EUVD-2025-209465

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

8.1CVSS5.9AI score0.00579EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/16 12:56 p.m.5 views

thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and w...

9.8CVSS5.9AI score0.00329EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-33261

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

7.8CVSS6.3AI score0.00324EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007189)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007189 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP clients...

9.8CVSS6.1AI score0.00434EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007190)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007190 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode pa...

9.8CVSS6.1AI score0.00434EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007199)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007199 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode...

9.8CVSS6.1AI score0.00434EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/15 10:57 a.m.6 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

9.8CVSS7.3AI score0.00424EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/15 10:48 a.m.7 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corrupti...

9.8CVSS7.3AI score0.00424EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.5 views

SUSE SLES12 Security Update : libpng16 (SUSE-SU-2026:1311-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1311-1 advisory. This update for libpng16 fixes the following issue: - CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to...

7.5CVSS6.2AI score0.01052EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/14 11:13 p.m.10 views

Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck

Summary The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at...

7.8CVSS6.1AI score0.00144EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/14 10:16 p.m.7 views

CVE-2026-33018

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS0.00191EPSS
Exploits1References2
CVE
CVE
added 2026/04/14 9:57 p.m.13 views

CVE-2026-33021

CVE-2026-33021 (libsixel) is a use-after-free in sixel_encoder_encode_bytes() affecting libsixel 1.8.7 and earlier. The bug arises because sixel_frame_init() stores a caller-owned pixel buffer pointer directly in frame-&gt;pixels without copying. On a subsequent resize, sixel_frame_convert_to_rgb...

7.3CVSS6AI score0.00247EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/14 9:45 p.m.17 views

CVE-2026-33018

libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame-&gt;pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...

7CVSS5.8AI score0.00191EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder