Lucene search
K

2913 matches found

CNNVD
CNNVD
added 2026/04/20 12:0 a.m.9 views

NEMU 安全漏洞

NEMU is an open-source teaching system simulator developed by XiangShan. Versions of NEMU prior to v2025.12.r2 contained security vulnerabilities. These vulnerabilities were caused by improper instruction validation in the RISC-V Vector decoder, which could lead to incorrect trap behavior,...

7.5CVSS5.8AI score0.00543EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/18 9:0 p.m.8 views

Improper Validation of Specified Index, Position, or Offset in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes small buf or large offset. This inconsistency allows silent partial writes into...

9.3CVSS5.8AI score0.00337EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/16 9:9 p.m.10 views

Improper Validation of Unsafe Equivalence in Input

Overview @node-oauth/oauth2-server is a Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the token process. An attacker can obtain...

8.2CVSS5.8AI score0.00259EPSS
Exploits1References3
CVE
CVE
added 2026/04/16 6:43 p.m.22 views

CVE-2026-6442

CVE-2026-6442 concerns Snowflake Cortex Code CLI prior to version 1.0.25, where improper validation of bash commands allows embedding crafted content to cause the CLI agent to execute arbitrary code outside the sandbox. The NVD/CVE records describe this as a local RCE risk with non-deterministic ...

8.3CVSS6.2AI score0.00358EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:52 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509 [CVE-2025-58188]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509, due to incorrect processing of chains which contain DSA public keys. CVE-2025-58188. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the...

7.5CVSS7AI score0.00361EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/14 11:7 a.m.3 views

SUSE-SU-2026:1314-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260251...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References3
OSV
OSV
added 2026/04/14 8:29 a.m.6 views

SUSE-SU-2026:21115-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header bsc1260251...

9.1CVSS7.3AI score0.01557EPSS
Exploits1References3
NVD
NVD
added 2026/04/11 1:16 a.m.4 views

CVE-2026-5059

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...

9.8CVSS0.01908EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/10 7:20 p.m.4 views

Improper Validation of Consistency within Input

Overview Affected versions of this package are vulnerable to Improper Validation of Consistency within Input through the internalImportFromBackup process in lxd/apiinternal.go. An attacker can create a backup archive with a benign backup/index.yaml and a malicious backup/container/backup.yaml, th...

9.1CVSS5.5AI score0.00424EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 6:8 p.m.3 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index of tcg-kp-AIKCertificate Extended Key Usage OID during TPM device attestation. An attacker can cause a panic and disrupt service availability by submitting a crafted attestation key certificate with an...

6.3CVSS5.8AI score0.00181EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.2 views

Improper Validation of Unsafe Equivalence in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via the TopicSelectorStore process. An attacker can access private updates intended for authorized subscribers or prevent delivery to legitimate recipients by poisoning the match result...

7.1CVSS5.8AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.2 views

Improper Validation of Unsafe Equivalence in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via the TopicSelectorStore process. An attacker can access private updates intended for authorized subscribers or prevent delivery to legitimate recipients by poisoning the match result...

7.1CVSS5.8AI score0.00341EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.8 views

rfc3161-client Has Improper Certificate Validation

Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/04/07 5:10 p.m.2 views

Improper Validation of Array Index

Overview github.com/jackc/pgx/v5/pgproto3 is a low-level PostgreSQL database driver Affected versions of this package are vulnerable to Improper Validation of Array Index in the Bind.Decode function. An attacker can cause unexpected memory access or application crashes by sending specially crafte...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References3
Veracode
Veracode
added 2026/04/07 3:46 p.m.7 views

Logic Flaw

KubeVirt is vulnerable to a logic flaw. The vulnerability is due to improper validation in the virt-controller, which allows an attacker to create a malicious pod with matching labels to mislead the controller and disrupt VMI management, leading to denial-of-service...

5.3CVSS5.9AI score0.00347EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.6 views

Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of S/MIME encrypted MIME entities for...

9.1CVSS5.8AI score0.0025EPSS
Exploits0References1
Veracode
Veracode
added 2026/03/31 3:55 a.m.29 views

Improper Authentication

github.com/1panel-dev/1panel is vulnerable to improper authentication.The vulnerability is due to improper server-side validation of a client-controlled parameter, which allows an unauthenticated attacker to bypass CAPTCHA protections and perform automated login attempts leading to potential...

7.5CVSS7.2AI score0.0039EPSS
Exploits0References4Affected Software2
Snyk
Snyk
added 2026/03/30 5:5 p.m.4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...

6.9CVSS5.7AI score0.00153EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 3:56 p.m.3 views

Improper Handling of Length Parameter Inconsistency

Overview ecdsa is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency due to improper...

6.9CVSS5.9AI score0.00476EPSS
Exploits1References2
Rows per page
Query Builder