19513 matches found

Debian CVE
added 2026/06/23 12:0 a.m. | 6 views

CVE-2025-61022

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0

Debian CVE
added 2026/06/23 12:0 a.m. | 5 views

CVE-2025-61023

An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.00482
Exploits: 0

Debian CVE
added 2026/06/23 12:0 a.m. | 4 views

CVE-2025-61020

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.00482
Exploits: 0

CVE
added 2026/06/23 12:0 a.m. | 8 views

CVE-2025-61025

CVE-2025-61025 affects openlink virtuoso-opensource 7.2.11, specifically the sslr_qst_get component. The issue allows a Denial of Service via crafted SQL statements. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H with a base score of 7.5 (HIGH). Connected sources identify the...

CVSS 7.5 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/23 12:0 a.m. | 4 views

CVE-2025-61019

An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 2

EUVD
added 2026/06/22 10:45 p.m. | 12 views

EUVD-2026-32587

Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata...

CVSS 8.5 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 2

NVD
added 2026/06/22 4:16 p.m. | 10 views

CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

CVSS 9.8 | EPSS 0.00277
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/06/22 2:26 p.m. | 3 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary: Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2026-33871. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote...

CVSS 9.8 | AI score 6.7 | EPSS 0.0115
Exploits: 1 | Affected Software: 1

CVE
added 2026/06/22 2:10 p.m. | 12 views

CVE-2026-7664

Summary: IBM Langflow OSS versions 1.0.0–1.8.4 are affected by an unauthenticated access issue due to improper authorization enforcement on the Streamable MCP transport endpoint, potentially allowing access to protected MCP project resources and execution of MCP operations. Affected products/vers...

CVSS 9.8 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/06/22 1:22 p.m. | 8 views

EUVD-2026-38245

IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...

CVSS 10 | AI score 6.4 | EPSS 0.00502
Exploits: 0 | References: 1

OSV
added 2026/06/22 5:47 a.m. | 4 views

BIT-NGINX-GATEWAY-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

CVSS 9.2 | AI score 6.1 | EPSS 0.03225
Exploits: 3 | References: 2

OSV
added 2026/06/22 5:47 a.m. | 4 views

BIT-NGINX-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

CVSS 9.2 | AI score 6.1 | EPSS 0.03225
Exploits: 3 | References: 2

Redos
added 2026/06/22 12:0 a.m. | 5 views

ROS-20260622-73-0041

The vulnerability of the ngx_http_dav_module module in NGINX Plus and NGINX Open Source servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 8.8 | AI score 6.2 | EPSS 0.21621
Exploits: 0

Redos
added 2026/06/22 12:0 a.m. | 6 views

ROS-20260622-73-0042

The vulnerability of the ngx_http_mp4_module in NGINX Plus and NGINX Open Source HTTP servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

CVSS 8.5 | AI score 6.3 | EPSS 0.00918
Exploits: 0

Redos
added 2026/06/22 12:0 a.m. | 6 views

ROS-20260622-73-0045

The vulnerability of the ngx_mail_auth_http_module module in NGINX Plus and NGINX Open Source is related to the use of the NULL pointer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 8.7 | AI score 5.9 | EPSS 0.00921
Exploits: 0

OSV
added 2026/06/21 4:1 p.m. | 12 views

MAL-2026-6251 Malicious code in zomato-config (npm)

Source: amazon-inspector 3a1b48a397992964f8f3982dc69a33431bfb26c911c29a1e5d124581cef46a40 Dependency-confusion package targeting an internal Zomato namespace. The package ships only a stub index.js module.exports = name: 'zomato-config',...

AI score 6
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/06/21 3:50 p.m. | 3 views

Security Bulletin: Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection

Summary Langflow OSS contains unauthenticated RCE vulnerability in PythonREPLComponent "Python Interpreter". Component's getglobals builds restricted globals dict from globalimports whitelist default: "math" but never sets globals"builtins" = . CPython's exec automatically inserts full builtins...

CVSS 10 | AI score 6.4 | EPSS 0.00502
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2026/06/20 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both...

CVSS 6.3 | AI score 6.2 | EPSS 0.00398
Exploits: 0 | References: 4

OSV
added 2026/06/19 9:17 p.m. | 6 views

UBUNTU-CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

CVSS 7.1 | AI score 5.9 | EPSS 0.00227
Exploits: 1 | References: 3

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in qtbase-opensource-src

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. There is an incorrect HPack integer overflow check in network/access/http2/hpacktable.cpp...

CVSS 9.8 | AI score 7.5 | EPSS 0.00986
Exploits: 0 | References: 2