Lucene search
K

563 matches found

OSV
OSV
added 2026/04/22 2:16 p.m.7 views

DEBIAN-CVE-2026-31447

In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc with sfirstdatablock != 0 bigalloc with sfirstdatablock != 0 is not supported, reject mounting it...

7.8CVSS5.2AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2026/04/15 8:16 p.m.3 views

DEBIAN-CVE-2026-6301

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00372EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 10:9 a.m.5 views

RHSA-2026:7350 Red Hat Security Advisory: nodejs:24 security update

Bulletin has no description...

7.5CVSS6.6AI score0.26356EPSS
Exploits1References100
vulnersOsv
vulnersOsv
added 2026/04/09 5:37 p.m.7 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +24 more potentially affected by CVE-2026-42428 via openclaw (>=0.0.1 <=2026.4.5)

openclaw NPM version =0.0.1, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-42428 Source advisory: OSV:GHSA-3VVQ-Q2QC-7RMP...

7.5CVSS5.7AI score0.00139EPSS
Exploits0
OSV
OSV
added 2026/04/02 8:16 a.m.7 views

UBUNTU-CVE-2026-5244

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

9.8CVSS7AI score0.00727EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 6:16 p.m.8 views

UBUNTU-CVE-2026-34445

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...

8.6CVSS5.7AI score0.00288EPSS
Exploits0References2
OSV
OSV
added 2026/03/29 6:9 a.m.5 views

BELL-CVE-2026-23283 CVE-2026-23283 does not affect BellSoft software

Bulletin has no description...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/27 6:20 p.m.6 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33938 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33938 Source advisory: OSV:GHSA-3MFM-83XF-C92R...

8.1CVSS6.3AI score0.00709EPSS
Exploits1
OSV
OSV
added 2026/03/25 11:16 a.m.2 views

DEBIAN-CVE-2026-23299

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

5.5CVSS5.3AI score0.00121EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 12:16 a.m.7 views

UBUNTU-CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 10:11 a.m.1 views

RHSA-2026:4173 Red Hat Security Advisory: gimp security update

Bulletin has no description...

8.8CVSS5.7AI score0.01157EPSS
Exploits0References33
CVE
CVE
added 2026/02/27 7:30 a.m.21 views

CVE-2025-13327

CVE-2025-13327 affects the uv component used in open-source projects (notably Python-uv in openSUSE). The issue enables arbitrary code execution during package installation/resolution when processing specially crafted ZIP archives that exploit parsing differentials, with user interaction required...

6.3CVSS5.9AI score0.0015EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 6:56 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem

Summary IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem Vulnerability Details CVEID:CVE-2025-14762 DESCRIPTION: Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts ...

6CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/02/24 12:45 a.m.4 views

CLEANSTART-2026-HW19594 Within HostnameError

Multiple security vulnerabilities affect the helm package. Within HostnameError. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00626EPSS
Exploits2References19
OSV
OSV
added 2026/02/20 10:11 a.m.6 views

RHSA-2026:3012 Red Hat Security Advisory: munge security update

Bulletin has no description...

7.7CVSS5.1AI score0.00302EPSS
Exploits0References10
OSV
OSV
added 2026/02/20 1:15 a.m.4 views

DEBIAN-CVE-2026-26967

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL...

5.3CVSS5.6AI score0.0029EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/09 5:25 p.m.3 views

Malicious Package

Overview json-web-sources is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2026/02/06 1:10 a.m.13 views

CLEANSTART-2026-WX01708 vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device

Multiple security vulnerabilities affect the clamav package. A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. See references for individual vulnerability details...

9.8CVSS8.6AI score0.84841EPSS
Exploits16References73
OSV
OSV
added 2026/02/04 5:16 p.m.6 views

DEBIAN-CVE-2026-23051

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

5.2AI score0.00155EPSS
Exploits0References1
OSV
OSV
added 2026/01/30 3:3 p.m.8 views

CLEANSTART-2026-LP38773 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References7
Rows per page
Query Builder