Lucene search
K

3863 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Colorod

There are two information disclosure vulnerabilities in colord, and they reside in colord/src/cd-device-db.c and colord/src/cd-profile-db.c, respectively. These vulnerabilities exist because the 'errmsg' of 'sqlite3exec' does not get released after use, whereas libxml2 requires that the caller mu...

7.5CVSS7.2AI score0.00791EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in PostgresSQL 11

The use of server error messages by clients in PostgreSQL allows a server that is not trusted under current SSL or GSS settings to send arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message claiming that a human user or someone...

3.7CVSS6.8AI score0.0038EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: dm thin: Fixed a use-after-free crash in dmsmregisterthresholdcallback. Reports of faults injecting into the pool metadata device: - BUG: KASAN: Use-after-free in dmpoolregistermetadatathreshold+0x40/0x80. - Reading of size 8 ...

5.5CVSS6.2AI score0.00204EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/18 12:6 p.m.8 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
NVD
NVD
added 2026/05/15 7:17 p.m.14 views

CVE-2026-45622

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...

5.3CVSS0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 6:42 p.m.8 views

EUVD-2026-30583

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41359

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customer order id POST parameter is inserted into the...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 10:41 a.m.12 views

Generation of Error Message Containing Sensitive Information

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information...

8.6CVSS5.8AI score0.00079EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/13 2:8 a.m.11 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/11 10:53 p.m.13 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39725

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping th...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/08 2:20 a.m.11 views

SUSE CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

5.5CVSS5.7AI score0.00139EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/05/07 12:24 a.m.20 views

Netty Redis Codec Encoder has a CRLF Injection Issue

Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-redis | | Component | io.netty.handler.codec.redis.RedisEncoder | | Vulnerability...

7.1CVSS6.2AI score0.00198EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27709

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

5.7AI score0.00139EPSS
Exploits0References7
NVD
NVD
added 2026/05/06 12:16 p.m.7 views

CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

7.8CVSS0.00139EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37490

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel fails to properly reject unsupported hardware configurations in the perf/arm-cmn component. By accepting unknown Coherent Mesh Network CMN models and revisions, the syst...

7.8CVSS7AI score0.00139EPSS
Exploits0
OSV
OSV
added 2026/05/04 1:12 p.m.10 views

JLSEC-2026-407

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

7.5CVSS6.8AI score0.02489EPSS
Exploits1References18
NVD
NVD
added 2026/05/04 1:16 a.m.11 views

CVE-2026-7371

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...

7.4CVSS0.00196EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 10:16 p.m.5 views

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

5.3CVSS0.00246EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.7 views

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

3.7CVSS5.8AI score0.00246EPSS
Exploits0References4
Rows per page
Query Builder