Lucene search
K

7745 matches found

OSV
OSV
added 2026/05/29 7:43 p.m.19 views

GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

6.5CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:49 p.m.10 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the BaseHandler.set trap in lib/bridge.js. An...

9.2CVSS6.3AI score0.00287EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:44 p.m.9 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through Symbol.for handling in lib/setup-sandbox.js and the bridge write traps in lib/bridge.js...

9.5CVSS5.9AI score0.00266EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2026/05/29 4:0 p.m.39 views

Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection

As threats become more coordinated and faster to execute, endpoint protection has become the proving ground for modern defense. For the seventh consecutive time, Microsoft has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. We believe this reflects both the...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/29 1:7 p.m.37 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS0.00193EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-45861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: Fix slab-use-after-free in qdput Commit a475c5dd16e5 gfs2: Free quota data objects synchronously started freeing quota data objects during filesystem...

7.8CVSS7.1AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/28 6:28 p.m.50 views

EUVD-2026-32987

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:28 p.m.8 views

CVE-2026-47332

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 6:28 p.m.8 views

CVE-2026-47332 Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 5:52 p.m.10 views

EUVD-2026-32976

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain proto/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3...

8.2CVSS5.8AI score0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 5:1 p.m.30 views

CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS0.00177EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.10 views

SUSE CVE-2026-45861

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qdput Commit a475c5dd16e5 "gfs2: Free quota data objects synchronously" started freeing quota data objects during filesystem shutdown instead of putting them back onto the LRU list, but it failed ...

7.8CVSS5.8AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:52 a.m.12 views

SUSE CVE-2026-46084

In the Linux kernel, the following vulnerability has been resolved: RDMA/manaib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed e.g. DPDK exit, manaibdestroyqprss destroys the RX WQ objects but does not disable vPort RX steering in firmware. This leaves stale steering...

5.5CVSS5.7AI score0.00129EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 3:44 a.m.33 views

CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS0.0012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-45022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that...

7.5CVSS5.5AI score0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Keycloak 数据伪造问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a data falsification vulnerability. This vulnerability arises when submitting JSON Web encrypted request objects, and if the decrypted content is the original JSON, Keycloak may improperl...

5.9CVSS5.8AI score0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Nautobot 安全漏洞

Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the combination of the find field and the useregex flag during batch renaming of UI objects, allowing for the us...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References6
CVE
CVE
added 2026/05/27 9:56 p.m.30 views

CVE-2026-46416

Microsoft UFO (open-source framework for intelligent automation) in version 3.0.1-4-ge2626659 uses a single shared UFOWebSocketHandler instance for multiple authenticated WebSocket connections. The handler caches per-connection protocol objects in mutable fields, and each new connection overwrite...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:56 p.m.11 views

CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 8:42 p.m.9 views

EUVD-2026-32663

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References3
Rows per page
Query Builder