Lucene search
K

406 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31793

Name of the Vulnerable Software and Affected Versions WolfSSL affected versions not specified Description WolfSSL improperly handles URI name constraints from constrained intermediate Certificate Authorities CAs during certificate chain verification. The parsing of these constraints occurs, but...

7CVSS6AI score0.00165EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/04/08 8:55 a.m.4 views

CVE-2026-35611

A flaw was found in Addressable. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a maliciously crafted Uniform Resource Identifier URI to the URI template implementation. Specifically, certain URI templates using the explode modifier or multiple variables...

7.5CVSS5.9AI score0.0036EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 12:5 a.m.3 views

EUVD-2026-19788

Addressable has a Regular Expression Denial of Service in Addressable templates...

7.5CVSS5.9AI score0.0036EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-35611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI...

7.5CVSS6.4AI score0.0036EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/07 6:14 p.m.7 views

Regular Expression Denial of Service (ReDoS)

Overview addressable is an is an alternative implementation to the URI implementation that is part of Ruby's standard library. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the URI template matching due to the use of regular expressions with...

8.7CVSS5.9AI score0.0036EPSS
Exploits0References2
Redos
Redos
added 2026/04/07 12:0 a.m.5 views

ROS-20260407-73-0033

A vulnerability in the kernel/trace/ftrace.c component of the Linux kernel is related to the use of resources with a similar identifier. Exploitation of the vulnerability allows an attacker to cause a denial of service...

7.8CVSS7AI score0.00168EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/04/06 4:3 p.m.5 views

USN-8151-1: lambdaisland/uri vulnerability

It was discovered that lambdaisland/uri did not properly sanitize the backslash character in URI strings. An attacker could possibly use this issue to bypass security checks or redirect users...

6.1CVSS6.4AI score0.00553EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.5 views

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS5.7AI score0.0023EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 10:31 p.m.2 views

CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS5.7AI score0.0023EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30264

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS5.7AI score0.0023EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2026/03/31 8:49 a.m.5 views

USN-8137-1: Ruby vulnerability

It was discovered that the Ruby URI gem did not properly handle sensitive information when combining URIs. A remote attacker could possibly use this issue to leak authentication credentials...

7.5CVSS5.9AI score0.0051EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/29 4:30 a.m.39 views

CVE-2026-5031 BichitroGan ISP Billing Software Endpoint users-view resource injection

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.12 views

PT-2026-28743

Name of the Vulnerable Software and Affected Versions BichitroGan ISP Billing Software version 2025.3.20 Description A flaw exists in BichitroGan ISP Billing Software that allows for improper control of resource identifiers. The issue is located within an unknown function of the file ‘/?...

5.3CVSS5.7AI score0.00226EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/26 10:19 p.m.19 views

Loofah has improper detection of disallowed URIs via `allowed_uri?`

Summary Loofah::HTML5::Scrub.alloweduri? does not correctly reject javascript: URIs when the scheme is split by HTML entity-encoded control characters such as carriage return, line feed, or tab. Details The alloweduri? method strips literal control characters before decoding HTML entities. Payloa...

5.6AI score
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/26 8:30 p.m.20 views

CVE-2026-33635 iCalendar has ICS injection via unsanitized URI property values

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

4.3CVSS0.00244EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:30 p.m.2 views

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

4.3CVSS5.9AI score0.00244EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/26 8:30 p.m.4 views

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

4.3CVSS5.6AI score0.00244EPSS
Exploits1
EUVD
EUVD
added 2026/03/26 4:52 p.m.4 views

EUVD-2026-16291

srvx is vulnerable to middleware bypass via absolute URI in request line...

4.8CVSS5.8AI score0.00246EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

iCalendar 注入漏洞

iCalendar is an open-source Ruby library for processing iCalendar format files. Versions 2.0.0 to 2.12.2 of iCalendar contain a vulnerability due to improper cleanup of URI attribute values during .ics serialization, which may lead to ICS injection attacks...

4.3CVSS5.8AI score0.00244EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.21.0 to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the Vikunja Desktop Electron wrapper, which directly passed the URL from the window.open call to...

8CVSS5.9AI score0.00248EPSS
Exploits1References2
Rows per page
Query Builder