Lucene search
K

956 matches found

NVD
NVD
added 2026/04/02 3:16 p.m.6 views

CVE-2026-31934

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...

7.5CVSS0.00272EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/02 3:16 p.m.5 views

CVE-2026-31934

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...

7.5CVSS5.7AI score0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:21 p.m.2 views

CVE-2026-31934

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...

7.5CVSS5.7AI score0.00272EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/02 2:16 p.m.3 views

UBUNTU-CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS5.7AI score0.00351EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 2:2 p.m.1 views

CVE-2026-31932 Suricata krb5: quadratic complexity in krb5 buffering

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/02 2:1 p.m.5 views

CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS5.2AI score0.00351EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.6 views

Suricata 安全漏洞

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Vulnerabilities existed in versions prior to Suricata 7.0.15 and 8.0.4. These vulnerabilities were caused by specially crafted traffic, which could slow down Suricata’s operation in IDS mode,...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 12:22 p.m.11 views

CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

9.8CVSS6.8AI score0.39688EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.4 views

PT-2026-29047

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.2.2 MongoDB Server versions 8.0.18 through 8.0.18 MongoDB Server versions 7.0.31 through 7.0.31 Description A user with limited privileges within a cluster can cause a mongod process to crash when the cluster...

6CVSS5.9AI score0.00203EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.5 views

Oracle Linux 8 : mysql:8.0 (ELSA-2026-5580)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-5580 advisory. mecab 0.996-2.12 - Bump version for 'mysql' module rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo -...

6.5CVSS7.1AI score0.00337EPSS
Exploits0References7
OSV
OSV
added 2026/03/26 10:5 p.m.4 views

GHSA-2328-F5F3-GJ25 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Summary pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...

7.4CVSS6.9AI score0.00348EPSS
Exploits1References4
NVD
NVD
added 2026/03/26 5:16 p.m.8 views

CVE-2026-34071

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...

6.1CVSS0.0026EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 5:0 p.m.7 views

EUVD-2026-16271

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...

5.4CVSS6AI score0.0026EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28600

Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 2.8.0 Description Stirling-PDF is a locally hosted web application designed for PDF file operations. The /api/v1/convert/eml/pdf API endpoint, when used with the downloadHtml=true parameter, returns unsanitized...

6.1CVSS6.1AI score0.0026EPSS
Exploits1References8
CVE
CVE
added 2026/03/25 11:46 p.m.11 views

CVE-2026-34053

OpenEMR prior to version 8.0.0.3 has a missing authorization issue in the AJAX deletion endpoint at interface/forms/procedure_order/handle_deletions.php. This allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens for any patient. Versio...

8.1CVSS5.8AI score0.00415EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:41 p.m.4 views

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...

4.3CVSS6AI score0.00235EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:31 p.m.5 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.8AI score0.00445EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/25 10:41 p.m.6 views

EUVD-2026-16016

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...

7.2CVSS5.8AI score0.00427EPSS
Exploits2References3
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15565

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through 2.8.0...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 6:6 p.m.21 views

CVE-2026-33720

n8n (open source workflow automation) has a vulnerability in pre-2.8.0 where setting N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true causes the OAuth callback to skip ownership verification of the OAuth state. An attacker can trick a victim into completing an OAuth flow for a credential the attacker control...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder