Lucene search
K

127 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

There is a speculative pointer dereferencing issue in the Linux kernel, specifically with the doprlimit function. The value of the resource argument is controlled and is used in pointer arithmetic for the ‘rlim’ variable. This can lead to the leakage of its contents. We recommend upgrading to a...

5.3CVSS6.6AI score0.0072EPSS
Exploits0References2
CVE
CVE
added 2026/04/23 12:9 a.m.21 views

CVE-2026-41243

OpenLearn's OpenLearn project has a vulnerability CVE-2026-41243 where, prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, enabling safeMode does not prevent public access to unapproved posts via direct post UUID. The post-read path still returns full content to anyone who has the UUID, ev...

6.9CVSS5.7AI score0.00177EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/21 8:17 p.m.9 views

CVE-2026-40908

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

5.3CVSS0.0025EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/21 7:52 p.m.2 views

CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

5.3CVSS5.7AI score0.0025EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 7:52 p.m.35 views

CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

5.3CVSS0.0025EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/21 7:52 p.m.10 views

EUVD-2026-24286

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

5.3CVSS5.7AI score0.0025EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.14 views

PT-2026-34062

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description The file 'git.json.php' located at the web root executes the git log -1 command and returns the full output as JSON to unauthenticated users. This leads to the exposure of the deployed commit...

5.3CVSS5.2AI score0.0025EPSS
Exploits1References4
OSV
OSV
added 2026/04/14 10:49 p.m.7 views

GHSA-52HF-63Q4-R926 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php Exposes Developer Emails and Deployed Version

Summary The file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs, developer names and email addresses PII, and commit messages which may...

5.3CVSS5.9AI score0.0025EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/13 5:6 a.m.5 views

CVE-2026-40447

Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/13 4:52 a.m.28 views

CVE-2026-25209

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

6.5CVSS0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 4:44 a.m.4 views

CVE-2026-25206

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

6.7CVSS5.8AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/13 4:44 a.m.28 views

CVE-2026-25206

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

6.7CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/04/13 4:38 a.m.19 views

CVE-2026-25205

The CVE-2026-25205 entry concerns Samsung Open Source Escargot and is linked to a heap-based buffer overflow that allows an out-of-bounds write. Affected entity: Escargot (commit 97e8115ab1110bc502b4b5e4a0c689a71520d335). Publicly disclosed details in the connected sources summarize the vulnerabi...

9.8CVSS6AI score0.00187EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/13 1:16 a.m.6 views

CVE-2026-25204

Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort. This issue affects escarogt prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335...

7.5CVSS0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 11:56 p.m.5 views

GHSA-JCCR-RRW2-VC8H OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure

Summary The jq safe-bin policy blocked explicit env usage but still allowed jq programs that accessed environment data through $ENV. Impact An operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope. Affected Component...

7.7CVSS5.8AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28445

Name of the Vulnerable Software and Affected Versions ByteDance Deer-Flow versions prior to commit 5dbb362 Description The software contains a stored cross-site scripting issue in the artifacts API. An attacker can execute arbitrary scripts by uploading malicious HTML or script content as...

5.4CVSS6AI score0.00196EPSS
Exploits0References6
Huntr
Huntr
added 2026/03/22 4:43 p.m.4 views

Git argument injection in deployment pull steps via unsanitized commit_sha enables RCE on workers

Description Prefect's GitRepository storage class passes user-controlled commitsha values as positional arguments to git commands without a -- separator. The commitsha parameter accepts arbitrary strings with no format validation no hex check, no length check. This allows injection of git flags...

9.9CVSS7.7AI score0.00874EPSS
Exploits3
OSV
OSV
added 2026/03/20 10:40 p.m.3 views

CVE-2026-32810 Halloy has insecure file permissions on credential files

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

4.8CVSS5.9AI score0.00175EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.6 views

CVE-2025-15586

OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the victim account's password...

10CVSS5.5AI score0.00382EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 7:16 a.m.8 views

CVE-2026-2008

A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqnchart of the file fmcp/mplmcp/core/eqnchart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate...

8.8CVSS0.00383EPSS
Exploits1References6
Rows per page
Query Builder