Lucene search
K

408 matches found

CVE
CVE
added 2026/04/22 11:30 p.m.21 views

CVE-2026-5935

CVE-2026-5935 affects IBM Total Storage Service Console (TSSC) / TS4500 IMC versions 9.2–9.6. The IBM advisory documents an OS Command Injection vulnerability (CWE-78) due to improper validation of user input, allowing an unauthenticated user to execute arbitrary commands with normal user privile...

9.8CVSS6.1AI score0.0034EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/04/22 6:31 p.m.3 views

GHSA-VCHC-9GGH-3236 Duplicate Advisory: uutils coreutils has a Path Traversal issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-89p7-7cq3-hhr2. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect t...

5.6CVSS6.1AI score0.00166EPSS
Exploits1References3
NVD
NVD
added 2026/04/22 5:16 p.m.6 views

CVE-2026-35363

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS0.00166EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/22 5:6 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the PolicyDataSubsToNotifyPost process. An attacker can create unintended notification subscriptions with invalid, empty, or partially processed input by sending malformed or...

6.9CVSS5.8AI score0.09955EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:8 p.m.27 views

CVE-2026-35363

The CVE-2026-35363 entry concerns the rm utility in uutils coreutils. The issue: path normalization bug allows bypass of safeguards for the current directory. It correctly refuses . and .. but fails to recognize equivalent paths with trailing slashes (e.g., ./ or .///). An accidental/malicious ex...

5.6CVSS6AI score0.00166EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.3 views

CVE-2026-35363

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS6AI score0.00166EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34499

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the rm utility allows the bypass of safeguard mechanisms designed to protect the current directory. Although the utility prevents the deletion of . or .., it does not...

5.6CVSS6AI score0.00166EPSS
Exploits1References12
Cvelist
Cvelist
added 2026/04/21 11:47 p.m.46 views

CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS0.09955EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 8:19 a.m.5 views

EUVD-2025-209536

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 8:19 a.m.2 views

CVE-2025-13826 Incorrect input validation on the Zervit portable HTTP/Web server

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/15 3:40 p.m.4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2026/04/15 10:21 a.m.5 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler bsc1259377. CVE-2026-0964: SCP protocol path traversal in sshscppullrequest bsc1258049. CVE-2026-0965: possible denial of service when parsing unexpected...

6.9CVSS6.5AI score0.00631EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2026/04/14 6:48 a.m.2 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 2:29 a.m.3 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 2:1 a.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/09 9:55 a.m.7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2026/03/31 8:1 a.m.8 views

Libssh: buffer underflow in ssh_get_hexa() on invalid input

...

8.2CVSS5.8AI score0.00582EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/26 8:6 p.m.2 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0
OSV
OSV
added 2026/03/25 4:22 p.m.5 views

USN-8123-1 mbedtls vulnerabilities

It was discovered that Mbed TLS incorrectly handled memory allocation failures. A remote attacker could possibly use this issue to crash the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-44732 Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted...

9.8CVSS6.1AI score0.02569EPSS
Exploits4References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 6:56 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same...

9.8CVSS7.7AI score0.47621EPSS
Exploits10Affected Software1
Rows per page
Query Builder