Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.9 views

CVE-2026-42882

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 7:26 p.m.8 views

CVE-2026-42882

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 9:25 p.m.8 views

justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

5.8AI score
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/17 3:59 p.m.5 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

9.8CVSS6.5AI score0.00434EPSS
Exploits1References7
OSV
OSV
added 2026/01/27 3:40 p.m.2 views

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtoscompatibilitylayers/OSEK/txosek.c when handling the return value of osekgetcounter. Specifically, the current code checks if cntrid equals 0u to determine failure, but...

7.8CVSS5.9AI score0.00105EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/07 6:10 p.m.13 views

CVE-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

4.3CVSS0.00353EPSS
Exploits0References10
Rows per page
Query Builder