
11082 matches found

CNNVD
added 2026/05/14 12:0 a.m. | 10 views

Valtimo Log Information Disclosure Vulnerability

Valtimo is an open-source low-code platform for business process automation developed by Valtimo in the Netherlands. Versions 12.4.0 to 12.33.0 and 13.26.0 of Valtimo have a vulnerability related to log information leakage. This vulnerability stems from the LoggingRestClientCustomizer automatical...

CVSS 7.6 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 2

CNNVD
added 2026/05/14 12:0 a.m. | 8 views

PoDoFo Resource Management Error Vulnerability

PoDoFo is a free, portable C++ library open sourced by PoDoFo. Versions of PoDoFo from 1.0.0 to 1.0.4 had a resource management bug. This bug stemmed from a double release in the computehashtosign function. When the EVPDigestFinal function failed after the buf had already been released, the error...

CVSS 2.5 | AI score 5.8 | EPSS 0.00096
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/14 12:0 a.m. | 6 views

CVE-2026-46419

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

CVSS 7.5 | AI score 5.8 | EPSS 0.00308
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/13 9:32 p.m. | 12 views

CVE-2026-44369 CVAT: Stored XSS via annotation guides

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...

CVSS 8.5 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 2

vulnersOsv
added 2026/05/13 8:2 p.m. | 8 views

@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bimbeo160/admin (=4.12.2) +70 more potentially affected by CVE-2026-22599 via @strapi/plugin-content-type-builder (>=4.0.0 <=4.26.0)

@strapi/plugin-content-type-builder NPM version =4.0.0, =0.1.0, =4.12.2, =0.0.1, =1.0.9, =1.3.2, =4.1.12, =0.2.0, =1.0.0-alpha.2, =1.1.0, =1.4.0-rc.0 - @mtcndyl/strapi-plugin-firebase-auth =1.0.3 and more Source cves: CVE-2026-22599 Source advisory: OSV:GHSA-3XCQ-8MJW-H6MX...

CVSS 9.3 | AI score 5.8 | EPSS 0.01178
Exploits: 0

EUVD
added 2026/05/13 6:30 p.m. | 14 views

EUVD-2025-209824

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

AI score 6 | EPSS 0.00183
Exploits: 1 | References: 3

vulnersOsv
added 2026/05/13 4:16 p.m. | 8 views

360solutions-bc-mcp (=0.5.3), advanced-yaml (>=0.3.4 <=0.4.3) +295 more potentially affected by CVE-2026-44432 via urllib3 (>=2.6.0 <=2.6.3)

urllib3 PYPI version =2.6.0, =0.3.4, =0.1.0, =0.5.0, =0.24.2, =0.5.0, =1.0.5, =26.1.0, =26.5.0b1, =0.45.0, =0.2.6, =0.5.1, =1.6.6.8 and more Source cves: CVE-2026-44432 Source advisory: OSV:PYSEC-2026-142...

CVSS 8.9 | AI score 6 | EPSS 0.0068
Exploits: 0

NVD
added 2026/05/13 4:16 p.m. | 19 views

CVE-2026-43486

In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix setaccessflags no-op check for SMMU/ATS faults contpteptepsetaccessflags compared the gathered ptepget value against the requested entry to detect no-ops. ptepget ORs AF/dirty from all sub-PTEs in the CONT...

CVSS 5.5 | EPSS 0.00114
Exploits: 0 | References: 4

NVD
added 2026/05/13 4:16 p.m. | 11 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

CVSS 5.6 | EPSS 0.00183
Exploits: 1 | References: 2

OSV
added 2026/05/13 3:33 p.m. | 5 views

GHSA-V25J-WQCW-FVHJ wger has an Uncontrolled Resource Consumption issue

Summary Any authenticated user can create a routine spanning an arbitrarily long date range e.g. 100 years and then trigger the datesequence computation via any of the routine detail endpoints. The server iterates once per day in an unbounded while loop with no maximum duration validation, causin...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 3

vulnersOsv
added 2026/05/13 3:30 p.m. | 8 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44797 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44797 Source advisory: OSV:GHSA-C35Q-VXRP-PH26...

CVSS 8.5 | AI score 5.8 | EPSS 0.00235
Exploits: 0

vulnersOsv
added 2026/05/13 3:30 p.m. | 8 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44796 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44796 Source advisory: OSV:GHSA-QRPW-GJVH-X5GM...

CVSS 6.5 | AI score 5.8 | EPSS 0.00312
Exploits: 0

vulnersOsv
added 2026/05/13 3:29 p.m. | 7 views

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1490 more potentially affected by CVE-2026-45134 via langsmith (>=0.0.10 <=0.7.38)

langsmith PYPI version =0.0.10, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =0.1.1, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-45134 Source advisory: SNYK:PYTHON-LANGSMITH-16658748...

CVSS 7.1 | AI score 5.7 | EPSS 0.00199
Exploits: 0

vulnersOsv
added 2026/05/13 3:29 p.m. | 9 views

@abtnode/core (>=1.0.15 <=1.1.9), @agentuity/evals (>=0.0.104 <=2.0.26) +718 more potentially affected by CVE-2026-44724 via systeminformation (>=4.1.5 <=5.31.5)

systeminformation NPM version =4.1.5, =1.0.15, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =3.0.0-next.12, =1.0.0, =2.0.0 and more Source cves: CVE-2026-44724 Source advisory:...

CVSS 7.8 | AI score 5.7 | EPSS 0.0062
Exploits: 0

AlpineLinux
added 2026/05/13 3:8 p.m. | 8 views

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

CVSS 8.8 | AI score 5.8 | EPSS 0.0053
Exploits: 0 | References: 4

Debian CVE
added 2026/05/13 3:8 p.m. | 11 views

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

CVSS 8.8 | AI score 5.8 | EPSS 0.0053
Exploits: 0

Nginx
added 2026/05/13 2:12 p.m. | 19 views

resolver use-after-free in OCSP

resolver use-after-free in OCSP Severity: medium CVE-2026-40701 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 1.19.0-1.30.0...

CVSS 6.3 | AI score 5.8 | EPSS 0.00677
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2026/05/13 3:34 a.m. | 10 views

SUSE CVE-2026-43404

In the Linux kernel, the following vulnerability has been resolved: mm: Fix a hmmrangefault livelock / starvation problem If hmmrangefault fails a foliotrylock in doswappage, trying to acquire the lock of a device-private folio for migration, to ram, the function will spin until it succeeds...

AI score 5.8 | EPSS 0.00093
Exploits: 0 | References: 3

SUSE CVE
added 2026/05/13 3:34 a.m. | 8 views

SUSE CVE-2026-43435

In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. So the new request was not being factored in the spam calculation. Fix this by moving...

AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 3

CNNVD
added 2026/05/13 12:0 a.m. | 8 views

Bandit Security Vulnerability

Bandit is a high-performance HTTP and WebSocket server developed by Mat Trudel. Versions of Bandit from 1.6.1 to 1.11.1 contained security vulnerabilities. These vulnerabilities were caused by infinite loops, which could allow unauthenticated remote attackers to exploit the system through...

CVSS 8.7 | AI score 5.8 | EPSS 0.00637
Exploits: 1 | References: 2