Lucene search
+L

2738 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.8 views

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

6.1CVSS5.1AI score0.00246EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/28 6:35 p.m.9 views

CVE-2026-29971

A reflected cross-site scripting XSS vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack...

6.1CVSS5.4AI score0.00299EPSS
Exploits3References1
OSV
OSV
added 2026/04/24 11:0 a.m.12 views

CLSA-2026-1772465492 podman: Fix of 4 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

10CVSS7.1AI score0.01945EPSS
Exploits4References1
CVE
CVE
added 2026/04/23 8:35 a.m.19 views

CVE-2026-3259

CVE-2026-3259 describes a vulnerability in Google Cloud BigQuery’s materialized view refresh mechanism where an authenticated user could trigger a runtime error that reveals sensitive information in error messages. Affected component: BigQuery Materialized View Refresh; root cause: error handling...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34431

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock checking for subprogs process bpf exit full passes check lock = !curframe to check resource leak, which is false in cases when bpf throw is called from a static subprog. This makes check resource leak...

5.6AI score0.001EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of regmap initialization in the dmaengine xilinx xdma module. This issue may le...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.8 views

PT-2026-34211

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper authorization issue exists where an authenticated attacker can determine the names of private repositories using their numeric ID. This occurs because the mobile upload...

5.3CVSS5.8AI score0.00296EPSS
Exploits0References10
Snyk
Snyk
added 2026/04/17 9:0 p.m.7 views

Generation of Error Message Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to exposing exception/stack trace of errors even if api/exposestacktraces was set to false. That could lead to exposing additional information to potential attacker...

7.5CVSS5.3AI score0.00449EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:9 a.m.21 views

CVE-2026-34264

The CVE concerns SAP Human Capital Management for SAP S/4HANA where during authorization checks the system returns messages that allow an authenticated, low-privilege user to guess and enumerate content beyond their scope. This leads to disclosure of sensitive information (confidentiality impact:...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/04/11 7:14 p.m.110 views

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerabili...

8.7CVSS6AI score0.00356EPSS
Exploits4
NVD
NVD
added 2026/04/08 7:25 p.m.5 views

CVE-2026-39851

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

5.3CVSS0.00243EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 5:33 p.m.18 views

CVE-2026-39851 Saleor has a user enumeration vulnerability due to different error messages

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

5.3CVSS0.00243EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 5:33 p.m.8 views

CVE-2026-39851

Saleor (e-commerce platform) contains a user enumeration vulnerability in the requestEmailChange() mutation. From version 2.10.0 up to, but not including, 3.23.0a3, and also in 3.22.47, 3.21.54, and 3.20.118, error messages reveal whether a provided email address exists. This leads to potential i...

5.3CVSS5.9AI score0.00243EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/08 5:33 p.m.5 views

EUVD-2026-20536

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

5.3CVSS5.9AI score0.00243EPSS
Exploits0References6
OSV
OSV
added 2026/04/08 5:33 p.m.4 views

CVE-2026-39851 Saleor has a user enumeration vulnerability due to different error messages

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

5.3CVSS5.9AI score0.00243EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:28 p.m.4 views

CVE-2026-24511

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information...

4.4CVSS5.9AI score0.00159EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

saleor 安全漏洞

Saleor is an open-source interface software developed by Saleor Commerce. Vulnerabilities exist in versions of Saleor before 3.23.0a3, as well as versions before 3.22.47, 3.21.54, and 3.20.118. These vulnerabilities stem from the exposure of users’ email addresses in error messages...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References6
OSV
OSV
added 2026/04/03 1:27 p.m.6 views

JLSEC-2026-48

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

3.7CVSS6.8AI score0.0038EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 1:27 p.m.5 views

JLSEC-2026-34

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. A...

4.3CVSS7.2AI score0.01187EPSS
Exploits2References3
Snyk
Snyk
added 2026/04/01 6:33 p.m.5 views

Deserialization of Untrusted Data

Overview replicator is an Advanced JavaScript objects serialization. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the error messages decoding. An attacker can execute arbitrary code by supplying specially crafted input that is deserialized without prope...

6.5CVSS6.3AI score0.00368EPSS
Exploits0References2
Rows per page
Query Builder