Lucene search
K

3124 matches found

SUSE CVE
SUSE CVE
added 2026/06/12 2:31 a.m.14 views

SUSE CVE-2026-11884

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

6.5CVSS5.7AI score0.00349EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48432

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A heap buffer overflow occurs during the serialization of objectclass definitions. The length of the oc superior SUP field is omitted from buffer size calculations within the rea...

6.5CVSS6.2AI score0.00349EPSS
Exploits0References10
F5 Networks
F5 Networks
added 2026/06/05 3:17 p.m.15 views

K000161603: Apache Tomcat vulnerability CVE-2026-32990

Security Advisory Description Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to versio...

5.3CVSS5.8AI score0.00307EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2026/06/01 8:53 a.m.18 views

curl: heap-use-after-free in state.referer when CURLOPT_REFERER replaced or cleared after perform

Calling curleasysetoptcurl, CURLOPTREFERER, ... to replace or clear a previously-set referer after curleasyperform frees the old string via Curlsetstropt lib/setopt.c:87 but leaves data-state.referer.ptr pointing at the freed heap region. curleasygetinfoCURLINFOREFERER and curleasyduphandle then...

5.6AI score
Exploits0
OSV
OSV
added 2026/05/29 3:45 p.m.15 views

GHSA-J6FM-9RFM-J5HX Froxlor has an incomplete fix for CVE-2026-30932

Summary The LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping. Affected Package - Ecosystem: Other - Package: froxlor - Affected versions: a...

8.6CVSS5.9AI score0.00544EPSS
Exploits1References6
CVE
CVE
added 2026/05/29 1:11 p.m.26 views

CVE-2026-45619

Summary: WWBN AVideo prior to 29.0 allowed SSRF via isSSRFSafeURL() because subsequent fetches used file_get_contents() with redirects enabled. Two endpoints (plugin/AI/receiveAsync.json.php and objects/EpgParser.php) validate the URL but do not prevent redirects, enabling a redirect-based DNS re...

6.5CVSS5.8AI score0.00136EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/29 1:7 p.m.38 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 6:4 p.m.25 views

CVE-2026-4944

The provided documents describe a vulnerability in vllm-project/vllm version 0.14.1 where trust_remote_code is hardcoded to True in nemotron_vl.py and kimi_k25.py, bypassing user-specified --trust-remote-code=False and enabling remote code execution via malicious HuggingFace model repositories. T...

8.8CVSS7.9AI score0.00747EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 9:16 p.m.24 views

CVE-2026-9642

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00053EPSS
Exploits0
EUVD
EUVD
added 2026/05/26 7:36 p.m.18 views

EUVD-2026-31970

There is a mitigation bypass / incomplete fix for CVE-2025-62582 Unauthenticated Remote Database Access An unauthenticated remote attacker can access configured databases in a DIAView project...

9.8CVSS5.8AI score0.00485EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:36 p.m.16 views

CVE-2026-9642

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7AI score0.00053EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 12:17 p.m.62 views

CVE-2026-44417

CVE-2026-44417 is an Apache CXF-related issue that completes the fix for CVE-2025-48913. The vulnerability arises when untrusted users can configure JMS in CXF, potentially enabling code execution. The published advisories indicate an incomplete fix previously, and upgrades are recommended to mit...

7.5CVSS7.5AI score0.0064EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libdbi-perl

A issue was discovered in the DBI module through version 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically specified via the fdir attribute in the data source name DSN. NOTE: This issue exists due to an incomplete fix for CVE-2014-10401...

6.1CVSS6.7AI score0.00488EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.21 views

Astra Linux – Vulnerability in Tomcat9

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, or 7.0.0 to 7.0.107, the Tomcat instance was still vulnerable to CVE-2020-9494, even when using a configuration edge case that was highly unlikely to be used. It should be...

7CVSS6.7AI score0.09491EPSS
Exploits15References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in python-git

GitPython before version 3.1.32 does not prevent the use of insecure non-multi options in clone and clonefrom commands. NOTE: This issue exists due to an incomplete fix for CVE-2022-24439...

9.8CVSS8.2AI score0.00984EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libzstd

Starting from v1.4.1 and before v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and immediately restricted those permissions afterward. As a result, the output files could temporarily be readable or writable to...

4.7CVSS5.9AI score0.00346EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 3:51 p.m.17 views

GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

5.9CVSS5.8AI score0.0028EPSS
Exploits2References5
OSV
OSV
added 2026/05/18 1:30 p.m.7 views

GHSA-VPFX-PXQW-2W79 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/18 1:30 p.m.18 views

AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/13 8:58 p.m.12 views

EUVD-2026-30169

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

9.8CVSS5.9AI score0.0035EPSS
Exploits1References2
Rows per page
Query Builder