12797 matches found

EUVD
added 2026/05/06 12:30 p.m. | 2 views

EUVD-2026-27550

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

CVSS 6.6 | AI score 6 | EPSS 0.00062
Exploits 0 | References 2

RedHat Linux
added 2026/05/06 11:24 a.m. | 4 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

CVSS 7.5 | AI score 7.2 | EPSS 0.00055
Exploits 1 | References 12

NVD
added 2026/05/06 10:16 a.m. | 2 views

CVE-2026-35255

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

CVSS 6.6 | EPSS 0.00062
Exploits 0 | References 1

Vulnrichment
added 2026/05/06 8:5 a.m. | 7 views

CVE-2026-35255

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

CVSS 6.6 | AI score 6 | EPSS 0.00062
Exploits 0 | References 1

Cvelist
added 2026/05/06 8:5 a.m. | 29 views

CVE-2026-35255

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

CVSS 6.6 | EPSS 0.00062
Exploits 0 | References 1

ATTACKERKB
added 2026/05/06 8:5 a.m. | 4 views

CVE-2026-35255

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

CVSS 6.6 | AI score 6 | EPSS 0.00062
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/05/06 8:5 a.m. | 5 views

CVE-2026-35255

Oracle Cloud Native Environment Command Line Interface (CNCLI) vulnerability in v2.3.2 where a malicious environment variable can allow an unauthenticated attacker to execute arbitrary code. CVSS: LOCAL attack vector, LOW complexity, LOW privileges required, user interaction required; impact is h...

CVSS 6.6 | AI score 6 | EPSS 0.00062
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/05/06 7:8 a.m. | 4 views

CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

CVSS 6.1 | AI score 5.8 | EPSS 0.00024
Exploits 0 | References 1

SUSE CVE
added 2026/05/06 1:43 a.m. | 5 views

SUSE CVE-2026-31753

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release currently retrieves the enclosing struct linedisp via to_linedisp. That lookup depends on the attachment list, but the attachment may already have...

AI score 5.8 | EPSS 0.00017
Exploits 0 | References 3

CNNVD
added 2026/05/06 12:0 a.m. | 10 views

Gotenberg parameter injection vulnerability

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained a parameter injection vulnerability. This vulnerability stemmed from the fact that the metadata writing...

CVSS 10 | AI score 5.9 | EPSS 0.00026
Exploits 1 | References 1

Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-38220

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVSS 6.9 | AI score 5.8 | EPSS 0.00038
Exploits 0 | References 4

CNNVD
added 2026/05/06 12:0 a.m. | 5 views

Vvveb security vulnerability

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained security vulnerabilities. These vulnerabilities were caused by an issue with the password reset module, where...

CVSS 6.9 | AI score 5.9 | EPSS 0.00038
Exploits 0 | References 1

Positive Technologies
added 2026/05/06 12:0 a.m. | 7 views

PT-2026-37348

Name of the Vulnerable Software and Affected Versions Oracle OCI CLI version 3.77 Description An issue in the Oracle OCI CLI product of Oracle Open Source Projects allows an unauthenticated attacker with network access to compromise the system. This flaw enables users to perform a path traversal,...

CVSS 6.1 | AI score 5.8 | EPSS 0.00024
Exploits 0 | References 7

Snyk
added 2026/05/05 10:14 p.m. | 2 views

CRLF Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to CRLF Injection via the downloadICS.php process. An attacker can inject arbitrary calendar events and spoof event details by supplying specially crafted input...

CVSS 5.3 | AI score 6 | EPSS 0.00033
Exploits 0 | References 2

CloudLinux
added 2026/05/05 9:16 p.m. | 8 views

shadow-utils: Fix of CVE-2017-12424

CVE-2017-12424: fix heap buffer overflow in commonio_sort when an entry has a NULL line...

CVSS 9.8 | AI score 6.9 | EPSS 0.00938
Exploits 0

OSV
added 2026/05/05 9:16 p.m. | 6 views

CLSA-2026-1777947090 shadow-utils: Fix of CVE-2017-12424

CVE-2017-12424: fix heap buffer overflow in commonio_sort when an entry has a NULL line...

CVSS 9.8 | AI score 6.9 | EPSS 0.00938
Exploits 0 | References 1

OSV
added 2026/05/05 9:11 p.m. | 4 views

CLSA-2026-1777558504 vim: Fix of 10 CVEs

CVE-2021-3928: in suggest_trie_walk only credit a non-word-char boundary with SCORE_NONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfa_regmatch NFA_MARK / NFA_MARK_GT / NFA_MARK_LT, save reginput - regline and re-fetch regline...

CVSS 7.8 | AI score 6.8 | EPSS 0.01534
Exploits 10 | References 1

RedHat Linux
added 2026/05/05 7:26 p.m. | 4 views

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.00034
Exploits 1 | References 5

Github Security Blog
added 2026/05/05 6:35 p.m. | 3 views

Microdot has HTTP response splitting in Response.set_cookie()

Impact The Response.set_cookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection attack through this issue to be possible, an attacker must...

CVSS 3.7 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 5 | Affected Software 1

Snyk
added 2026/05/05 6:35 p.m. | 5 views

HTTP Response Splitting

Overview microdot is a The impossibly small web framework for MicroPython Affected versions of this package are vulnerable to HTTP Response Splitting in the set_cookie function. An attacker can inject arbitrary HTTP headers by supplying malicious input containing carriage return and line feed...

CVSS 6.3 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 2