Lucene search
K

2782 matches found

CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Goobi viewer - Core 访问控制错误漏洞

Goobi Viewer - Core is a digital data display and browsing web application framework developed by intranda GmbH. In versions 4.8.0 to 26.04.1 of Goobi Viewer - Core, there was an access control vulnerability. This vulnerability stemmed from REST endpoints accepting arbitrary Solr stream expressio...

9.8CVSS5.9AI score0.0041EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.35.4 contained security vulnerabilities. These vulnerabilities stemmed from the fact...

6.5CVSS5.8AI score0.00115EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-44002

Name of the Vulnerable Software and Affected Versions RabbitMQ versions 4.2.0 through 4.2.3 Description The MQTT plugin in RabbitMQ allows topic-level authorization using regular expressions with variable substitution. When administrators use patterns like ^client id-sensors$ to restrict access,...

8.1CVSS5.8AI score0.0025EPSS
Exploits0References7
CVE
CVE
added 2026/05/27 12:0 a.m.22 views

CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

7.3CVSS5.9AI score0.01314EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 12:16 a.m.17 views

CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

9.8CVSS0.00398EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Perl 安全漏洞

Perl is a general-purpose, interpreted, dynamic, cross-platform programming language from the Perl community. Versions of Perl 5.43.10 and earlier contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow vulnerability that occurs when compiling regular expressions...

9.8CVSS6AI score0.00398EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/25 11:53 p.m.17 views

EUVD-2026-31772

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

6AI score0.00398EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/25 11:53 p.m.11 views

CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

6AI score0.00398EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

4.9CVSS5.8AI score0.00436EPSS
Exploits0References3
Veracode
Veracode
added 2026/05/23 5:51 a.m.13 views

Improper Input Validation

com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...

7.5CVSS7.2AI score0.00406EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/22 2:11 p.m.305 views

CVE-2026-9256

NGINX Plus and NGINX Open Source expose a vulnerability in the ngx_http_rewrite_module when a rewrite directive uses distinct, overlapping PCRE captures (e.g., ^/((.*))$) and the replacement references multiple captures (e.g., $1$2) in redirects or arguments. An unauthenticated attacker can send ...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References13Affected Software2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.13 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

9.2CVSS6AI score0.04261EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-33380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021664)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021664 advisory. MariaDB through 10.5.9 allows an application crash in findfieldintables and findorderinlist via an unused common table expression CTE. Tenable has extracted the...

5.5CVSS6.8AI score0.00403EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Golang-1.19

Using Parse with a build tag line like "// +build" and deeply nested expressions can lead to a panic due to stack exhaustion...

7.5CVSS6.8AI score0.01046EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 2:3 p.m.44 views

CVE-2026-2587

A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...

9.6CVSS0.00628EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/05/19 2:3 p.m.12 views

CVE-2026-2587

A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...

9.6CVSS6.2AI score0.00628EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.27 views

MongoDB 7.0.x < 7.0.34 / 8.0.x < 8.0.23 / 8.2.x < 8.2.9 / 8.3.x < 8.3.2 Multiple Vulnerabilities (SERVER-122032 / SERVER-122449)

The version of MongoDB installed on the remote host is 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, or 8.3 prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - An authenticated user can cause excess memory usage via bitwise match expression AST processing of...

8.8CVSS5.8AI score0.00258EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 8:23 p.m.6 views

GHSA-3653-68V6-RQ57 HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

7.5CVSS6.1AI score0.00086EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 8:23 p.m.21 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

6.1AI score0.00086EPSS
Exploits0References2Affected Software8
Rows per page
Query Builder