
438 matches found

OSV
added 2026/05/01 6:23 p.m. | 4 views

ECHO-5A69-95EC-C529

Bulletin has no description...

5.5 CVSS | 5.7 AI score | 0.00123 EPSS
Exploits 0 | References 1

Snyk
added 2026/05/01 10:25 a.m. | 4 views

Malicious Package

Overview: apple-internal-security-library-v99 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/05/01 10:25 a.m. | 8 views

Malicious code in apple-internal-security-library-v99 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0 | References 1

Veracode
added 2026/04/30 7:25 a.m. | 8 views

Improper Authentication

org.springframework.security:spring-security-oauth2-jose is vulnerable to Improper Authentication. The vulnerability is due to missing configuration of a JWT validator when using NimbusJwtDecoder or NimbusReactiveJwtDecoder, which allows an attacker to bypass token validation with crafted JWTs...

6.5 CVSS | 5.2 AI score | 0.00203 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/04/30 12:0 a.m. | 9 views

UBUNTU-CVE-2026-42009

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5 CVSS | 5.8 AI score | 0.01335 EPSS
Exploits 0 | References 4

Oracle linux
added 2026/04/27 12:0 a.m. | 11 views

firefox security update

140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.10.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.10.0-1 - Update to 140.10.0 ESR...

9.8 CVSS | 5.2 AI score | 0.04938 EPSS
Exploits 1

OSV
added 2026/04/24 6:16 p.m. | 4 views

UBUNTU-CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

9.1 CVSS | 5.9 AI score | 0.00294 EPSS
Exploits 0 | References 3

OSV
added 2026/04/24 3:16 p.m. | 4 views

UBUNTU-CVE-2026-31567

In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask(). Commit 35e4a69b2003f ("PM: sleep: Allow pm_restrict_gfp_mask() stacking") introduced refcount-based GFP mask management that warns when pm_restore_gfp_mask() is called with saved_gfp_count ...

5.5 CVSS | 5.5 AI score | 0.00128 EPSS
Exploits 0 | References 6

OSV
added 2026/04/16 10:22 a.m. | 10 views

RHSA-2026:8322 Red Hat Security Advisory: rhc security update

Bulletin has no description...

7.5 CVSS | 7.4 AI score | 0.99999 EPSS
Exploits 19 | References 20

Oracle linux
added 2026/04/16 12:0 a.m. | 13 views

thunderbird security update

140.9.1-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.9.1 - Add OpenELA debranding 140.9.1-1 - Update to 140.9.1 ESR...

9.8 CVSS | 5.7 AI score | 0.01052 EPSS
Exploits 1

Snyk
added 2026/04/15 10:16 a.m. | 7 views

LDAP Injection

Overview: org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP searc...

7.3 CVSS | 5.7 AI score | 0.00527 EPSS
Exploits 0 | References 2

OSV
added 2026/04/11 8:33 p.m. | 3 views

MINI-6G9R-78HQ-PX73

Bulletin has no description...

7.5 CVSS | 5.7 AI score | 0.00349 EPSS
Exploits 0

OSV
added 2026/04/11 3:17 p.m. | 3 views

MINI-3F6M-3HVJ-8G9H

Bulletin has no description...

7.5 CVSS | 5.7 AI score | 0.00349 EPSS
Exploits 0

NVD
added 2026/04/09 10:16 p.m. | 7 views

CVE-2026-33778

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affected device receives a...

8.7 CVSS | 0.00338 EPSS
Exploits 0 | References 1

OSV
added 2026/04/04 10:5 a.m. | 3 views

RHSA-2026:3818 Red Hat Security Advisory: grafana-pcp security update

Bulletin has no description...

7.5 CVSS | 5.9 AI score | 0.01945 EPSS
Exploits 2 | References 19

Tenable Nessus
added 2026/04/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures...

9.8 CVSS | 6.1 AI score | 0.00426 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/04/02 12:0 a.m. | 2 views

CVE-2026-34876

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of t...

5.9 AI score | 0.0039 EPSS
Exploits 0 | References 2

Cvelist
added 2026/04/02 12:0 a.m. | 18 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

0.00426 EPSS
Exploits 0 | References 2

OSV
added 2026/04/01 8:16 p.m. | 6 views

DEBIAN-CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

9.1 CVSS | 5.3 AI score | 0.00204 EPSS
Exploits 0 | References 1

OSV
added 2026/04/01 7:16 p.m. | 8 views

ALPINE-CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG)...

7.7 CVSS | 5.9 AI score | 0.0017 EPSS
Exploits 0 | References 1