18300 matches found

Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 views

Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (GHSA-ffq7-898w-9jc4)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.9 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/10 12:0 a.m. | 7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-007105)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007105 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP client...

8.8 CVSS | 6.2 AI score | 0.00537 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2026/04/10 12:0 a.m. | 2 views

FreeBSD : Mozilla -- Incorrect boundary conditions, integer overflow (30522580-33fb-11f1-8ac1-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 30522580-33fb-11f1-8ac1-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=2017867 reports: Incorrect boundary conditions, integer...

8.8 CVSS | 5.9 AI score | 0.0035 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 views

FreeBSD : Mozilla -- Incorrect boundary conditions (322bd409-33fb-11f1-8ac1-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 322bd409-33fb-11f1-8ac1-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=2022554 reports: Incorrect boundary conditions in the...

8.8 CVSS | 5.8 AI score | 0.00304 EPSS
Exploits: 0 | References: 3

OSV
added 2026/04/09 5:17 p.m. | 3 views

SUSE-SU-2026:21157-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.9.1 ESR bsc1261663. - MFSA 2026-27: CVE-2026-5731: memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2...

9.8 CVSS | 5.8 AI score | 0.0035 EPSS
Exploits: 0 | References: 5

OSV
added 2026/04/09 3:16 p.m. | 2 views

ALPINE-CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same...

4.4 CVSS | 6 AI score | 0.00195 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/04/09 2:41 p.m. | 23 views

CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same...

5.1 CVSS | 0.00195 EPSS
Exploits: 1 | References: 5

EUVD
added 2026/04/09 2:41 p.m. | 1 views

EUVD-2026-20897

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same...

5.1 CVSS | 6 AI score | 0.00195 EPSS
Exploits: 1 | References: 5

ATTACKERKB
added 2026/04/09 2:41 p.m. | 0 views

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same...

5.1 CVSS | 6 AI score | 0.00195 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

RedHat Linux
added 2026/04/09 12:12 p.m. | 3 views

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

8.8 CVSS | 6.7 AI score | 0.00537 EPSS
Exploits: 1 | References: 6

OSV
added 2026/04/09 12:7 p.m. | 3 views

RLSA-2026:5931 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR...

7.5 CVSS | 7.3 AI score | 0.00773 EPSS
Exploits: 0 | References: 38

Rockylinux
added 2026/04/09 12:7 p.m. | 8 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

10 CVSS | 7.2 AI score | 0.00773 EPSS
Exploits: 0

EUVD
added 2026/04/09 12:31 a.m. | 2 views

EUVD-2026-20667

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.6 AI score | 0.00339 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/09 12:0 a.m. | 5 views

PT-2026-31620

Name of the Vulnerable Software and Affected Versions: LIBPNG versions 1.0.9 through 1.6.56. Description: LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A flaw exists where passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back int...

7.5 CVSS | 6 AI score | 0.0064 EPSS
Exploits: 2 | References: 85

Positive Technologies
added 2026/04/09 12:0 a.m. | 6 views

PT-2026-31734

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.6.4. Description: SiYuan, a personal knowledge management system, prior to version 3.6.4, configured Mermaid.js with 'securityLevel: "loose"' and 'htmlLabels: true'. This configuration allowed tags with 'src' attribute...

8.7 CVSS | 5.9 AI score | 0.00306 EPSS
Exploits: 1 | References: 6

Tenable Nessus
added 2026/04/09 12:0 a.m. | 1 views

RockyLinux 10 : thunderbird (RLSA-2026:6342)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6342 advisory. firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR...

10 CVSS | 5.9 AI score | 0.00773 EPSS
Exploits: 0 | References: 79

SUSE CVE
added 2026/04/08 11:29 p.m. | 3 views

SUSE CVE-2026-5732

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1...

8.8 CVSS | 5.8 AI score | 0.0035 EPSS
Exploits: 0 | References: 13

SUSE CVE
added 2026/04/08 11:29 p.m. | 4 views

SUSE CVE-2026-5733

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2...

8.8 CVSS | 5.8 AI score | 0.00304 EPSS
Exploits: 0 | References: 3

OSV
added 2026/04/08 1:41 p.m. | 7 views

CLSA-2026-1775655705 kernel-uek: Fix of 34 CVEs

ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free CVE-2026-23089 - HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 - KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory CVE-2024-50115 - KVM: x86: Reset IRTE to host control if new route isn't postable CVE-2025-37885...

8.8 CVSS | 7.2 AI score | 0.21314 EPSS
Exploits: 1 | References: 1

OSV
added 2026/04/08 12:46 p.m. | 6 views

CLSA-2026-1775652408 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial of service from multi-layer nested MVG to SVG conversion - debian/patches/CVE-2026-24484.patch: Add recursion-depth check for graphic-context and prevent excessive nested vector graphics that cause crashes or resource exhaustion due to unbounded recursion. -...

5.3 CVSS | 7.2 AI score | 0.00401 EPSS
Exploits: 0 | References: 1