Lucene search
K

71 matches found

OSV
OSV
added 2026/03/26 6:37 p.m.2 views

GHSA-CPJ3-3R2F-XJ59 OpenBao has Reflected XSS in its OIDC authentication error message

Impact OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed authentication. This allows an attacker access to the token used in the Web UI by a...

9.4CVSS5.8AI score0.00287EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/26 6:32 p.m.5 views

OpenBao lacks user confirmation for OIDC direct callback mode

Impact OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the...

9.6CVSS5.9AI score0.00411EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 4:10 a.m.4 views

SUSE-SU-2026:20829-1 Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: - CVE-2025-40214: afunix: Initialise sccindex in unixaddedge bsc1255052. - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. -...

5.5CVSS5.9AI score0.00183EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/03/23 7:15 p.m.25 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS0.00196EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/19 7:4 p.m.13 views

league/commonmark has an embed extension allowed_domains bypass

Impact The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/18 3:14 a.m.9 views

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS5.8AI score0.00297EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.7 views

CVE-2026-26202

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS5.8AI score0.00437EPSS
Exploits1References1
OSV
OSV
added 2026/02/13 6:4 a.m.2 views

SUSE-SU-2026:0489-1 Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: - CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel bsc1249205. - CVE-2025-39742: RDMA: hfi1: fix possible...

7.4CVSS5.8AI score0.01345EPSS
Exploits8References11
OSV
OSV
added 2026/02/03 12:0 a.m.3 views

OPENSUSE-SU-2026:10140-1 patch-2.8-2.1 on GA media

These are all security issues fixed in the patch-2.8-2.1 package on the GA media of openSUSE Tumbleweed...

5.5CVSS5.8AI score0.00705EPSS
Exploits1References1
NVD
NVD
added 2026/01/28 5:16 p.m.7 views

CVE-2025-13918

Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are...

6.7CVSS0.00147EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.7 views

Astra Linux – Vulnerability in binutils

A vulnerability has been discovered in GNU Binutils 2.45. The affected element is the function elfswapshdr in the bfd/elfcode.h library of the Linker component. Manipulation of this function leads to a heap-based buffer overflow. This attack must be carried out locally. The exploit has been...

7.8CVSS6AI score0.00235EPSS
Exploits1References3
OSV
OSV
added 2026/01/26 9:12 a.m.1 views

SUSE-SU-2026:20165-1 Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.7.1 fixes one security issue The following security issue was fixed: - CVE-2025-40212: nfsd: fix refcount leak in nfsdsetfhdentry bsc1254196...

5.8AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2026/01/23 4:43 p.m.2 views

SUSE-SU-2026:20148-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.7.1 fixes one security issue The following security issue was fixed: - CVE-2025-40212: nfsd: fix refcount leak in nfsdsetfhdentry bsc1254196...

5.8AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2026/01/23 4:43 p.m.3 views

SUSE-SU-2026:20163-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.7.1 fixes one security issue The following security issue was fixed: - CVE-2025-40212: nfsd: fix refcount leak in nfsdsetfhdentry bsc1254196...

5.8AI score0.00161EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/13 12:53 a.m.6 views

SUSE CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8CVSS6.5AI score0.00165EPSS
Exploits0References3
CVE
CVE
added 2026/01/06 7:7 p.m.16 views

CVE-2026-21491

CVE-2026-21491 affects iccDEV libraries prior to version 2.3.1.2. The vulnerability is a Unicode buffer overflow in CIccTagTextDescription when processing ICC color profiles. Version 2.3.1.2 contains a patch; no workarounds are noted in the provided documents. Remediate by upgrading to 2.3.1.2 or...

7.1CVSS6.9AI score0.00185EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2025/12/18 1:20 p.m.7 views

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

7.8CVSS6.4AI score0.00235EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2025/12/18 10:12 a.m.4 views

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution...

7.8CVSS6.6AI score0.00234EPSS
Exploits1References12
OSV
OSV
added 2025/12/05 6:19 p.m.2 views

GHSA-4QG8-FJ49-PXJH Sigstore Timestamp Authority allocates excessive memory during request parsing

Impact Excessive memory allocation Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type header which is also untrusted data on an application string...

7.5CVSS6.8AI score0.00411EPSS
Exploits0References4
Rows per page
Query Builder