Lucene search
K

2822 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Chromium

The use of after-free in V8 in Google Chrome before version 147.0.7727.55 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00303EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 9:16 p.m.30 views

CVE-2026-41171

Squidex (open source headless CMS) Versions prior to 7.23.0 are affected by an SSRF vulnerability in the Jint HTTP client used by scripting functions (e.g., getJSON, request). An authenticated user with low privileges can force the server to make arbitrary outbound HTTP requests to attacker-contr...

8.6CVSS5.9AI score0.00215EPSS
Exploits0References2
Mageia
Mageia
added 2026/04/02 4:48 p.m.13 views

Updated nss & firefox packages fix security vulnerabilities

Denial-of-service in the XML component. CVE-2025-59375 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-46...

10CVSS6.5AI score0.01279EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/23 10:53 a.m.8 views

CVE-2026-22737

A flaw was found in Spring Framework. When Java scripting engine enabled template views such as those using JRuby or Jython are used in Spring MVC and Spring WebFlux applications, a remote attacker can exploit this to disclose sensitive content from files located outside the intended script...

6.5CVSS5.7AI score0.00385EPSS
Exploits1References4
NVD
NVD
added 2026/03/20 12:16 a.m.6 views

CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

5.9CVSS0.00385EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 12:16 a.m.7 views

UBUNTU-CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

5.9CVSS5.8AI score0.00385EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/20 12:16 a.m.7 views

CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

5.9CVSS5.8AI score0.00385EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 11:53 p.m.101 views

CVE-2026-22737

CVE-2026-22737 affects Spring Framework components that render script template views via a Java scripting engine (e.g., JRuby, Jython) in Spring MVC and Spring WebFlux. The issue allows disclosure of content from files outside configured script template view locations due to the scripting engine ...

5.9CVSS5.7AI score0.00385EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/03/19 11:53 p.m.6 views

CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

5.9CVSS5.5AI score0.00385EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.10 views

PT-2026-26455

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.5 Spring Framework versions 6.2.0 through 6.2.16 Spring Framework versions 6.1.0 through 6.1.25 Spring Framework versions 5.3.0 through 5.3.46 Description The use of Java scripting engine enabled...

5.9CVSS6.6AI score0.00385EPSS
Exploits1References60
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 7 : java-11-openjdk-11.0.1.13-3.el7 (AXSA:2019-3622:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3622:01 advisory. OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 OpenJDK: Unrestricted access to scripting engine Scripting, 8202936 CVE-2018-31...

9CVSS6.5AI score0.07215EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2025/11/24 2:5 a.m.1 views

Redis: Redis Lua Use-After-Free may lead to remote code execution

A vulnerability found in Redis where a flaw in the Lua scripting engine can trigger a use-after-free condition. An authenticated attacker can exploit this by running a specially crafted Lua script, potentially resulting in remote code execution RCE within the Redis process...

9.9CVSS7.9AI score0.86767EPSS
Exploits14References8
RedHat Linux
RedHat Linux
added 2025/11/03 1:42 a.m.4 views

Redis: Redis Lua Use-After-Free may lead to remote code execution

A vulnerability found in Redis where a flaw in the Lua scripting engine can trigger a use-after-free condition. An authenticated attacker can exploit this by running a specially crafted Lua script, potentially resulting in remote code execution RCE within the Redis process...

9.9CVSS7.9AI score0.86767EPSS
Exploits14References8
RedHat Linux
RedHat Linux
added 2025/10/30 10:22 a.m.5 views

Redis: Redis Lua Use-After-Free may lead to remote code execution

A vulnerability found in Redis where a flaw in the Lua scripting engine can trigger a use-after-free condition. An authenticated attacker can exploit this by running a specially crafted Lua script, potentially resulting in remote code execution RCE within the Redis process...

9.9CVSS7.9AI score0.86767EPSS
Exploits14References8
RedHat Linux
RedHat Linux
added 2025/10/23 8:32 a.m.3 views

Redis: Redis Lua Use-After-Free may lead to remote code execution

A vulnerability found in Redis where a flaw in the Lua scripting engine can trigger a use-after-free condition. An authenticated attacker can exploit this by running a specially crafted Lua script, potentially resulting in remote code execution RCE within the Redis process...

9.9CVSS7.9AI score0.86767EPSS
Exploits14References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0613

Malware in sbrugna...

7.6CVSS7.6AI score0.09325EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-20254

Malware in sbrugna...

7.6CVSS8.5AI score0.09906EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-1413

Malware in sbrugna...

7.6CVSS7.6AI score0.11107EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-13240

Malware in sbrugna...

8.1CVSS7.6AI score0.04805EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.25 views

EUVD-2021-1633

Malware in sbrugna...

7.6CVSS4.4AI score0.01913EPSS
Exploits0References5
Rows per page
Query Builder