8 matches found

Positive Technologies
added yesterday | 5 views

PT-2026-48325

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch application/json-patch+json requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL...

CVSS: 8.1 | AI score: 5.5
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 4:20 a.m. | 1 view

SUSE CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS: 7.8 | AI score: 8 | EPSS: 0.36762
Exploits: 0 | References: 9

RedHat Linux
added 2018/06/27 7:19 p.m. | 0 views

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.36762
Exploits: 0 | References: 4

RedHat Linux
added 2018/06/27 7:2 p.m. | 2 views

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.36762
Exploits: 0 | References: 4

RedHat Linux
added 2018/06/27 7:2 p.m. | 3 views

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.36762
Exploits: 0 | References: 4

OSV
added 2018/04/06 1:29 p.m. | 2 views

AZL-6785 CVE-2018-1000156 affecting package patch for versions less than 2.7.6-7

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.36762
Exploits: 0 | References: 1

OSV
added 2018/04/06 1:29 p.m. | 1 view

ALPINE-CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.36762
Exploits: 0 | References: 1

RedhatCVE
added 2018/02/14 7:19 a.m. | 27 views

CVE-2018-6951

A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches...

CVSS: 7.5 | AI score: 2.5 | EPSS: 0.46115
Exploits: 0 | References: 1