38639 matches found

GitHub Security Blog
added 2026/03/31 11:58 p.m., 10 views

OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement

Summary: Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact: Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...

5.8 AI score
Exploits 0, References 4, Affected Software 1
vulnersOsv
added 2026/03/31 11:2 p.m., 9 views

org.webjars.npm:angular-tree-component (>=3.2.3 <=3.7.2), org.webjars.npm:chevrotain (>=11.0.3 <=11.1.2) +72 more potentially affected by CVE-2025-13465 +1 more via org.webjars.npm:lodash-es (>=4.17.21 <=4.17.4)

org.webjars.npm:lodash-es MAVEN version =4.17.21, =3.2.3, =11.0.3, =11.0.3, =11.0.3, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =44.1.0, =39.0.1, =44.3.0 and more Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869624...

8.2 CVSS, 6.4 AI score, 0.01535 EPSS
Exploits 0
Cvelist
added 2026/03/31 5:52 p.m., 27 views

CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8 CVSS, 0.00258 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/31 5:52 p.m., 1 view

CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8 CVSS, 5.9 AI score, 0.00258 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/03/31 5:52 p.m., 1 view

CVE-2025-62184

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8 CVSS, 5.9 AI score, 0.00258 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2026/03/31 5:52 p.m., 7 views

CVE-2025-62184

CVE-2025-62184 affects Pega Platform versions 8.1.0 through 25.1.0 with a Stored Cross-site Scripting vulnerability in a UI component. Exploitation requires an administrative user with extensive rights; impact is limited to Confidentiality (LOW) and does not impact Integrity or Availability. The ...

4.8 CVSS, 5.9 AI score, 0.00258 EPSS
Exploits 0, References 1, Affected Software 1
EUVD
added 2026/03/31 3:31 p.m., 5 views

EUVD-2026-17412

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

6.1 AI score, 0.00213 EPSS
Exploits 0, References 4
EUVD
added 2026/03/31 9:31 a.m., 2 views

EUVD-2026-17343

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5 CVSS, 6.1 AI score, 0.01069 EPSS
Exploits 1, References 4
OSV
added 2026/03/31 9:16 a.m., 2 views

DEBIAN-CVE-2026-5201

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5 CVSS, 8.1 AI score, 0.01069 EPSS
Exploits 1, References 1
UbuntuCve
added 2026/03/31 9:16 a.m., 5 views

CVE-2026-5201

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5 CVSS, 7.2 AI score, 0.01069 EPSS
Exploits 1, References 3
ATTACKERKB
added 2026/03/31 8:32 a.m., 4 views

CVE-2026-5201

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5 CVSS, 6.1 AI score, 0.01069 EPSS
Exploits 1, References 26
Vulnrichment
added 2026/03/31 8:32 a.m., 5 views

CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5 CVSS, 6.1 AI score, 0.01069 EPSS
Exploits 1, References 25
OSV
added 2026/03/31 6:9 a.m., 2 views

BELL-CVE-2026-34714

Bulletin has no description...

8.6 CVSS, 5.8 AI score, 0.00588 EPSS
Exploits 0, References 1
CNVD
added 2026/03/31 12:0 a.m., 3 views

Mozilla Firefox and Mozilla Thunderbird Security Bypass Vulnerability (CNVD-2026-16378)

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security bypass vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...

9.1 CVSS, 7.3 AI score, 0.00322 EPSS
Exploits 0
CNVD
added 2026/03/31 12:0 a.m., 4 views

Mozilla Firefox and Mozilla Thunderbird Denial of Service Vulnerability (CNVD-2026-16375)

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A denial of service vulnerability exists in Mozilla Firefox and Mozilla Thunderbir...

7.5 CVSS, 7.3 AI score, 0.0053 EPSS
Exploits 0
Positive Technologies
added 2026/03/31 12:0 a.m., 5 views

PT-2026-29222

Name of the Vulnerable Software and Affected Versions: Sereal::Decoder versions 4.000 through 4.009 002. Description: Sereal::Decoder for Perl embeds a vulnerable version of the Zstandard zstd library. A race condition exists in the one-pass compression functions of Zstandard prior to version 1.3.8,...

8.1 CVSS, 7.2 AI score, 0.01424 EPSS
Exploits 0, References 6
CNNVD
added 2026/03/31 12:0 a.m., 7 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a mix-up in the instructions responsible for freeing memory in the Compositing component. An attacker can...

9.6 CVSS, 5.8 AI score, 0.00248 EPSS
Exploits 0, References 3
CNNVD
added 2026/03/31 12:0 a.m., 7 views

gdk-pixbuf Security Vulnerability

gdk-pixbuf is an open-source image loading library developed by GNOME. gdk-pixbuf has a security vulnerability that stems from the improper validation of color component counts during the processing of specially crafted JPEG images by the JPEG image loader. This can lead to a heap buffer overflow...

7.5 CVSS, 7.2 AI score, 0.01069 EPSS
Exploits 1, References 3
CNVD
added 2026/03/31 12:0 a.m., 5 views

Mozilla Firefox and Mozilla Thunderbird Code Execution Vulnerability (CNVD-2026-16372)

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A code execution vulnerability exists in Mozilla Firefox and Mozilla Thunderbird d...

8.8 CVSS, 8.1 AI score, 0.00313 EPSS
Exploits 0
CNVD
added 2026/03/31 12:0 a.m., 6 views

Mozilla Firefox and Mozilla Thunderbird Denial of Service Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A denial of service vulnerability exists in Mozilla Firefox and Mozilla Thunderbir...

7.5 CVSS, 7.3 AI score, 0.0053 EPSS
Exploits 0