Lucene search
+L

538 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

Vim < 9.2.0074 Heap-based Buffer Overflow (GHSA-h4mf-vg97-hj8j)

The version of Vim installed on the remote host is prior to 9.2.0074. It is, therefore, affected by a vulnerability as referenced in the GHSA-h4mf-vg97-hj8j advisory. - Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exis...

5.5CVSS6.2AI score0.0022EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/04 7:45 p.m.6 views

CVE-2025-64736

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch 5462afb0. A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...

7.1CVSS5.9AI score0.00184EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.10 views

CVE-2026-28270

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

7.2CVSS6AI score0.01607EPSS
Exploits0References1
OSV
OSV
added 2026/02/28 2:47 a.m.6 views

GHSA-8P85-9QPW-FWGW @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware

Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...

8.2CVSS6AI score0.0039EPSS
Exploits0References7
NVD
NVD
added 2026/02/27 10:16 p.m.12 views

CVE-2026-28419

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...

6.6CVSS0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/02/27 10:16 p.m.6 views

AZL-78509 CVE-2026-28419 affecting package vim 9.1.1616-1

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...

6.6CVSS6.2AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 10:16 p.m.7 views

UBUNTU-CVE-2026-28420

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

4.4CVSS6.3AI score0.00177EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:58 p.m.9 views

CVE-2026-28418

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundar...

5.5CVSS6AI score0.0022EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/27 8:21 p.m.5 views

CVE-2026-28271 Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version...

6.5CVSS5.8AI score0.0043EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/27 8:21 p.m.23 views

CVE-2026-28271 Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version...

6.5CVSS0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/27 8:21 p.m.13 views

CVE-2026-28271 Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version...

6.5CVSS5.9AI score0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/27 8:19 p.m.7 views

CVE-2026-28270 Kiteworks Core has an Unrestricted Upload of File with Dangerous Type

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

4.9CVSS6AI score0.01607EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 8:19 p.m.9 views

EUVD-2026-9065

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

4.9CVSS6AI score0.01607EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22394

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description Kiteworks is a private data network. Prior to version 9.2.0, a configuration issue allows the upload of arbitrary files without proper validation. A malicious administrator could exploit this to...

7.2CVSS6AI score0.01607EPSS
Exploits0References8
NVD
NVD
added 2026/02/26 11:16 p.m.14 views

CVE-2026-28269

Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

8.8CVSS0.01951EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/24 4:9 p.m.9 views

Important: Red Hat Security Advisory: protobuf security update

An update for protobuf is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS6.3AI score0.00613EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 2:16 a.m.3 views

UBUNTU-CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

9.3CVSS6.3AI score0.0052EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/20 1:44 a.m.4 views

CVE-2026-26064 calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

9.3CVSS5.9AI score0.0088EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-26064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal...

9.3CVSS6AI score0.0088EPSS
Exploits1References2
NVD
NVD
added 2026/02/19 12:16 a.m.12 views

CVE-2026-25926

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

7.3CVSS0.00248EPSS
Exploits1References3
Rows per page
Query Builder