15095 matches found

GitHub Security Blog
added 2026/05/08 11:33 p.m. | 10 views

view_component: Preview Route Can Dispatch Inherited Helper Methods

Summary: The preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are...

CVSS 6.5 | AI score 5.9 | EPSS 0.00343
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2026/05/08 8:25 p.m. | 14 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview: Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...

CVSS 9.2 | AI score 6.3 | EPSS 0.00573
Exploits: 0 | References: 2

NVD
added 2026/05/08 7:16 p.m. | 30 views

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

CVSS 9.2 | EPSS 0.00573
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/08 6:36 p.m. | 6 views

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

CVSS 9.2 | AI score 6.1 | EPSS 0.00573
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/08 3:24 p.m. | 6 views

CVE-2026-41690 Prototype pollution and path traversal in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated entry points that...

CVSS 8.6 | AI score 5.9 | EPSS 0.0031
Exploits: 0 | References: 1

NVD
added 2026/05/08 2:16 p.m. | 10 views

CVE-2026-43337

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw(). dcn401_init_hw() assumes that update_bw_bounding_box is valid when entering the update path. However, the existing condition: !fams2_enable && update_bw_bounding_box || freq_chang...

CVSS 5.5 | EPSS 0.00112
Exploits: 0 | References: 3

OSV
added 2026/05/08 2:16 p.m. | 8 views

UBUNTU-CVE-2026-43337

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw(). dcn401_init_hw() assumes that update_bw_bounding_box is valid when entering the update path. However, the existing condition: !fams2_enable && update_bw_bounding_box || freq_chang...

CVSS 5.5 | AI score 5.7 | EPSS 0.00112
Exploits: 0 | References: 6

CVE
added 2026/05/08 1:31 p.m. | 21 views

CVE-2026-43337

CVE-2026-43337 concerns the Linux kernel DRM/AMD display path, where a NULL pointer dereference can occur in dcn401_init_hw() when calling update_bw_bounding_box() without validating the callback pointer. The existing condition ((!fams2_enable && update_bw_bounding_box) || freq_changed) can evalu...

CVSS 5.5 | AI score 5.7 | EPSS 0.00112
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/05/08 1:31 p.m. | 34 views

CVE-2026-43337 drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw(). dcn401_init_hw() assumes that update_bw_bounding_box is valid when entering the update path. However, the existing condition: !fams2_enable && update_bw_bounding_box || freq_chang...

EPSS 0.00112
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/08 1:31 p.m. | 7 views

CVE-2026-43337

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw(). dcn401_init_hw() assumes that update_bw_bounding_box is valid when entering the update path. However, the existing condition: !fams2_enable && update_bw_bounding_box || freq_chang...

CVSS 5.5 | AI score 5.7 | EPSS 0.00112
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/05/08 12:00 a.m. | 13 views

PT-2026-38988

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw(). dcn401_init_hw() assumes that update_bw_bounding_box is valid when entering the update path. However, the existing condition: !fams2_enable && update_bw_bounding_box |...

AI score 5.7 | EPSS 0.00112
Exploits: 0 | References: 4

CNNVD
added 2026/05/08 12:00 a.m. | 6 views

Laravel Nova 5 Toggle Field Authorization Vulnerability

Laravel Nova 5 Toggle Field is a tool developed by Almir Hodzic for quickly toggling boolean values in Laravel Nova 5. Versions of Laravel Nova 5 Toggle Field prior to 1.3.0 had an authorization vulnerability. This vulnerability stemmed from the fact that the endpoint was only protected by web an...

CVSS 6.5 | AI score 5.9 | EPSS 0.00201
Exploits: 0 | References: 1

CNNVD
added 2026/05/08 12:00 a.m. | 14 views

Magnitude Simba Amazon Redshift JDBC Driver Security Vulnerability

The Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver provided by the American company Magnitude. It enables database connection through the standard JDBC Application Programming Interface (API) available in the Java Platform Enterprise Edition. Versions of the Magnitude Simba Amazon...

CVSS 9.2 | AI score 6.1 | EPSS 0.00573
Exploits: 0 | References: 1

CNNVD
added 2026/05/08 12:00 a.m. | 10 views

SEPPmail Secure Email Gateway Security Vulnerability

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of the eval function in the new GINA UI, allowing...

CVSS 9.3 | AI score 6.3 | EPSS 0.00847
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/08 12:00 a.m. | 13 views

PT-2026-39302

Name of the Vulnerable Software and Affected Versions: view_component versions 3.0.0 through 4.8.x. Description: The preview route derives an example name from the URL and invokes it using public_send without verifying if the requested method is an explicitly defined preview example. This allows...

CVSS 6.5 | AI score 5.8 | EPSS 0.00343
Exploits: 0 | References: 5

CNNVD
added 2026/05/08 12:00 a.m. | 8 views

Mapserver Security Vulnerability

Mapserver is an open-source platform developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the web. Vulnerabilities existed in MapServer versions from 6.0 to 8.6.2. These vulnerabilities stemmed from the combination of the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00247
Exploits: 1 | References: 1

Tenable Nessus
added 2026/05/08 12:00 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-39825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses...

CVSS 5.3 | AI score 5.9 | EPSS 0.0039
Exploits: 0 | References: 4

NVD
added 2026/05/07 8:16 p.m. | 19 views

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVSS 5.3 | EPSS 0.0039
Exploits: 0 | References: 4

UbuntuCve
added 2026/05/07 8:16 p.m. | 8 views

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVSS 5.3 | AI score 5.8 | EPSS 0.0039
Exploits: 0 | References: 7

OSV
added 2026/05/07 8:16 p.m. | 4 views

UBUNTU-CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVSS 5.3 | AI score 5.8 | EPSS 0.0039
Exploits: 0 | References: 8