Lucene search
K

11084 matches found

vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.9 views

@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +958 more potentially affected by CVE-2026-44288 via protobufjs (>=8.0.0 <=8.0.1)

protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-44288 Source advisory: SNYK:JS-PROTOBUFJS-16643234...

5.3CVSS5.7AI score0.00301EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/12 2:18 p.m.31 views

CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

7.5CVSS0.00198EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/05/12 12:32 p.m.7 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +372 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=2.0.0-M1 <=2.0.0-M5)

org.springframework.ai:spring-ai-model MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =1.21.9, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

7.5CVSS5.7AI score0.0026EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 11:24 a.m.4 views

@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +590 more potentially affected by CVE-2026-8162 via multiparty (>=4.0.0 <=4.2.3)

multiparty NPM version =4.0.0, =1.16.0, =1.16.0, =1.16.0, =0.1.155, =1.0.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.58.14, =0.1.0, =1.0.0, =2.101.2 and more Source cves: CVE-2026-8162 Source advisory: SNYK:JS-MULTIPARTY-16787378...

7.5CVSS5.7AI score0.00279EPSS
Exploits0
OSV
OSV
added 2026/05/12 8:56 a.m.7 views

BIT-PHP-MIN-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the recursive, depth-unlimited behavior of the nlohmann::json::parse and GetAllPaths functions in the Electron...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40050

Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800...

7.1CVSS5.8AI score0.00144EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Modsecurity 数字错误漏洞

Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity from 3.0.0 to 3.0.15 contained a numerical error vulnerability. This vulnerability stemmed from an unsigned integer underflow, which led to unhandled exceptions and could...

8.2CVSS5.8AI score0.00396EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

granian 输入验证错误漏洞

Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions 1.2.0 to 2.7.4 of Granian contain a vulnerability related to input validation. This vulnerability arises when an unvalidated client sends a WebSocket...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Apache Tomcat 安全漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Security vulnerabilities exist in versions of Apache Tomcat ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, from...

9.8CVSS5.8AI score0.01233EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Hugo 路径遍历漏洞

Hugo is a framework based on the Go language used by the Gohugoio community for quickly generating static websites. Versions of Hugo from 0.43 to 0.161.0 had a path traversal vulnerability. This vulnerability occurred due to the lack of restrictions on file system access when calling Node tools,...

8.6CVSS5.9AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Apache Tomcat 输入验证错误漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, and...

9.8CVSS5.8AI score0.01339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40308

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAP PERSISTENCE SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the...

9.8CVSS5.8AI score0.00302EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 9:31 p.m.16 views

cowlib cow_http_te module: Uncontrolled Resource Consumption vulnerability allows Excessive Allocation

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/11 9:5 p.m.31 views

CVE-2026-43887 Outline: Stored XSS via Comment Mentions

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, the Outline comment section permits users to mention other users; however, the backend does not validate or sanitize the href attribute associated with these mentions. As a result, potentially dangerous...

7.3CVSS0.00245EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.9 views

@tanstack/vue-start (>=1.141.0 <=1.167.58) potentially affected by CVE-2026-45321 via @tanstack/vue-start-client (>=1.141.0 <=1.166.43)

@tanstack/vue-start-client NPM version =1.141.0, =1.141.0, =1.167.58 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKVUESTARTCLIENT-16640254...

9.6CVSS7.4AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.5 views

@squawk/mcp (>=0.4.1 <=0.8.1) potentially affected by unknown CVE via @squawk/navaid-data (>=0.4.1 <=0.5.2)

@squawk/navaid-data NPM version =0.4.1, =0.4.1, =0.8.1 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKNAVAIDDATA-16640894...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.7 views

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/icao-registry (>=0.2.3 <=0.5.1)

@squawk/icao-registry NPM version =0.2.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKICAOREGISTRY-16640891...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.6 views

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/procedures (>=0.2.4 <=0.5.1)

@squawk/procedures NPM version =0.2.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKPROCEDURES-16640885...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@d-trattner/pidex (>=0.1.1 <=0.1.3), birdclaw (>=0.1.0 <=0.7.0) +1 more potentially affected by CVE-2026-45321 via @tanstack/react-start (>=1.167.2 <=1.167.65)

@tanstack/react-start NPM version =1.167.2, =0.1.1, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTSTART-16640215...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
Rows per page
Query Builder