Lucene search
+L

1520 matches found

ptsecurity
ptsecurity
added 6 days ago8 views

PT-2026-57481

This update for libredwg fixes the following issues: Changes in libredwg: - Update to snapshot 0.14.8413 fix dwg next entity NULL pointer dereference CVE-2026-15184, boo1271170 Fix dwg bmp thumbnail overflow checks CVE-2026-15181, boo1271169 Resolve NULL pointer dereference SEGV in match BLOCK...

7.5CVSS6.4AI score0.00339EPSS
Exploits0References20
cgr
cgr
added 2026/07/01 2:16 p.m.24 views

CVE-2026-11274 vulnerabilities

Vulnerabilities for packages: chromium...

4.3CVSS5.8AI score0.00175EPSS
Exploits0
fedora
fedora
added 2026/06/21 1:1 a.m.5 views

[SECURITY] Fedora 44 Update: 389-ds-base-3.2.2-2.fc44

389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration...

7.5CVSS5.8AI score0.00815EPSS
Exploits0
osv
osv
added 2026/05/24 12:0 a.m.7 views

OPENSUSE-SU-2026:10853-1 libppsdocument4_0-6-50.1-2.1 on GA media

These are all security issues fixed in the libppsdocument40-6-50.1-2.1 package on the GA media of openSUSE Tumbleweed...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References1
osv
osv
added 2026/05/13 8:21 p.m.7 views

MAL-2026-3710 Malicious code in ethers-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8f43ab2ac9caeed4f5dd0895f4da7d3a646038768f5d0024f443bb527fd1ad95 The OpenSSF Package Analysis project identified 'ethers-logger' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

5.8AI score
Exploits0
redhat
redhat
added 2026/04/27 5:24 p.m.13 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sed: sed-4.10-1.hum1 aarch64, x8664 sed-4.10-1.hum1.src src...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
ossf
ossf
added 2026/04/22 2:49 p.m.12 views

Malicious code in sparkling-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a51b8dc4e5a69bd2a09d2bb1c705963de6b9513ff871237d21a5f6641abc0ac The package sparkling-sdk was found to contain malicious code. Source: ghsa-malware b0457cea0504e91fd51a3802d694a20e91fab0bf48731ae4a18c484eab349202...

5.7AI score
Exploits0References1
osv
osv
added 2026/04/10 12:51 a.m.7 views

CLEANSTART-2026-DK61762 filippo

Multiple security vulnerabilities affect the prometheus-mysqld-exporter package. filippo. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00765EPSS
Exploits1References9
redhatcve
redhatcve
added 2026/03/31 4:59 a.m.13 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References1
euvd
euvd
added 2026/03/30 3:32 p.m.7 views

EUVD-2026-17095

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
nvd
nvd
added 2026/03/30 3:16 p.m.7 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS0.00189EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/30 12:0 a.m.4 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6AI score0.00189EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/30 12:0 a.m.3 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/30 12:0 a.m.11 views

PT-2026-29029

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/03/30 12:0 a.m.8 views

IngEstate Server 安全漏洞

IngEstate Server is a real estate asset management and information service platform developed by IngEstate Server Inc. IngEstate Server v11.14.0 contains a security vulnerability. This vulnerability stems from an editing function on the software package list page that allows for stored cross-site...

6.1CVSS6AI score0.00189EPSS
Exploits0References4
cve
cve
added 2026/03/30 12:0 a.m.21 views

CVE-2026-30082

CVE-2026-30082 describes multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 . The issue allows an attacker to inject crafted payloads via the About application, What’s new, or Release note parameters to exe...

6.1CVSS6AI score0.00189EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/30 12:0 a.m.24 views

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

0.00189EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/27 6:31 p.m.23 views

CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts

Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root macOS/Linux or SYSTEM Windows on managed hosts when an uninstall is triggered for a crafted...

8.4CVSS0.01282EPSS
Exploits0References1
ossf
ossf
added 2026/03/24 3:53 p.m.14 views

Malicious code in nodecognivault (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7709482c6e8d04dee2a9310780eff8f0f31cb64800273088f08a5cd1a8570c0a The package nodecognivault was found to contain malicious code...

5.9AI score
Exploits0
osv
osv
added 2026/03/24 3:44 p.m.7 views

MAL-2026-2359 Malicious code in env-embed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb6e9ae149bf8b69194b4ae8fea78a4f31cbd1c01a9f65a188c063380b5c1d34 The package env-embed was found to contain malicious code...

5.8AI score
Exploits0
Rows per page
Query Builder