Lucene search
K

1214 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 2:42 p.m.5 views

mariadb: Arbitrary code execution via improper parameter validation during SST

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

9.1CVSS6.1AI score0.00654EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.4 views

mariadb: Arbitrary code execution via improper parameter validation during SST

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

9.1CVSS6.1AI score0.00654EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.5 views

mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer

A flaw was found in MariaDB. During a State Snapshot Transfer SST, the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a...

8CVSS6.1AI score0.00567EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 11:22 a.m.7 views

mariadb: Arbitrary code execution via improper parameter validation during SST

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

9.1CVSS6.1AI score0.00654EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:8 a.m.14 views

mariadb: Arbitrary code execution via improper parameter validation during SST

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

9.1CVSS6.1AI score0.00654EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.3 views

mariadb: Arbitrary code execution via improper parameter validation during SST

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

9.1CVSS6.1AI score0.00654EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.3 views

mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer

A flaw was found in MariaDB. During a State Snapshot Transfer SST, the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a...

8CVSS6.1AI score0.00567EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.6 views

SUSE CVE-2026-53304

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...

5.9AI score0.00101EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-53304

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...

5.5CVSS0.00101EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53304

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...

5.5CVSS5.8AI score0.00101EPSS
Exploits0References11
Veracode
Veracode
added 2026/06/18 7:54 a.m.61 views

NoSQL Injection

Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting e.g., ^\Q?0\E$ and manipulate...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.10 views

ACPM Transfer Validation and Stress Testing Proof of Concept

This C program is a controlled stress-testing proof of concept designed to evaluate robustness, parameter validation, and stability of the acpmdoxfer interface under repeated high-volume calls and intentionally oversized transfer descriptors...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/06/09 6:36 p.m.11 views

Collapse of Data into Unsafe Value

Overview Affected versions of this package are vulnerable to Collapse of Data into Unsafe Value incomplete validation of raw string arguments in certain IMAP command parameters such as criteria, searchkeys and attr. An attacker can cause commands to hang or trigger timeouts by supplying specially...

5.9CVSS5.9AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 1:16 a.m.11 views

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS0.00109EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 12:21 a.m.32 views

CVE-2026-44755

CVE-2026-44755 affects SAP Business Objects Business Intelligence Platform. The issue arises from insufficient validation of email sending parameters by authenticated users, enabling email spoofing. Impact is described as low for integrity and no impact on confidentiality or availability (CVSS v3...

4.3CVSS5.5AI score0.00109EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 12:21 a.m.9 views

CVE-2026-44755 Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS5.5AI score0.00109EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

SAP Business Objects Business Intelligence Platform 访问控制错误漏洞

SAP Business Objects Business Intelligence Platform is a set of business intelligence software and enterprise performance solutions provided by the German company SAP. This product includes features such as report generation, analysis, and data visualization. There is an access control...

4.3CVSS5.4AI score0.00109EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.26 views

PT-2026-48312

Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...

5.9CVSS5.8AI score0.00262EPSS
Exploits0References3
Amazon
Amazon
added 2026/06/08 12:0 a.m.17 views

Important: docker

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

10CVSS5.6AI score0.00533EPSS
Exploits0
Rows per page
Query Builder