Lucene search
K

306 matches found

OSV
OSV
added 2026/03/20 8:58 a.m.3 views

CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

7.3CVSS5.8AI score0.00296EPSS
Exploits0References6
OSV
OSV
added 2026/03/19 8:23 p.m.5 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS5.8AI score0.01192EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

ormar 安全漏洞

ORMar is a Python ORM library developed by Collerek’s individual developers. Versions of Ormar prior to 0.23.0 contain security vulnerabilities. These vulnerabilities stem from Pydantic validation bypasses in the model constructor. This allows unvalidated users to bypass field validations by...

9.8CVSS5.8AI score0.01192EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/03/16 2:29 p.m.3 views

CVE-2026-3085

A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the rtpqdm2depay component allows a remote attacker to execute arbitrary code. The flaw occurs due to insufficient validation of user-supplied data length during the processing of X-QDM Real-time Transport Protocol RT...

8.8CVSS6.7AI score0.00828EPSS
Exploits0References5
NVD
NVD
added 2026/03/16 2:19 p.m.5 views

CVE-2026-2920

GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS0.00773EPSS
Exploits0References12
OSV
OSV
added 2026/03/16 2:19 p.m.5 views

UBUNTU-CVE-2026-3085

GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

8.8CVSS6.3AI score0.00828EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2026/03/16 12:0 a.m.4 views

(Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementatio...

8.2CVSS6.2AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Philips Hue Bridge 安全漏洞

The Philips Hue Bridge is a smart lighting gateway device developed by the Japanese company Philips Hue. There is a security vulnerability present in the Philips Hue Bridge, which stems from the lack of validation for the length of user data in the hkhappairstorageput function. This vulnerability...

8.8CVSS7.7AI score0.00514EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 8:40 p.m.2 views

CVE-2026-3086 GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS7.6AI score0.00421EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

GStreamer 数字错误漏洞

GStreamer is a set of open-source frameworks for processing streaming media. GStreamer has a digital error vulnerability, which stems from the lack of validation of user data during the parsing of image partitions. This vulnerability may lead to integer underflow and remote code execution...

7.8CVSS7.4AI score0.00421EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.9 views

GStreamer 缓冲区错误漏洞

GStreamer is a set of open-source frameworks for processing streaming media. GStreamer has a buffer error vulnerability, which stems from the lack of validation of user data when handling APS units. This vulnerability may lead to out-of-bounds writes and remote code execution...

7.8CVSS7.6AI score0.00421EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.11 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability; this vulnerability stems from the encoder’s parallel deregistration system, which deserializes unvalidated data through the deregistratio...

9.8CVSS7.1AI score0.01158EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/10 12:29 a.m.5 views

SUSE CVE-2026-2923

GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS6.3AI score0.00729EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/03/10 12:29 a.m.4 views

SUSE CVE-2026-3082

GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS6.4AI score0.00787EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/03 1:48 a.m.5 views

CVE-2026-24110

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", , dhcpsIP, dhcpsMac;, the lack of size validation for the rules could lead to...

9.8CVSS6.1AI score0.00425EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.9 views

WordPress plugin LatePoint SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS6.2AI score0.00322EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/02/21 12:25 a.m.3 views

SUSE CVE-2026-2047

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

7.8CVSS6.3AI score0.0062EPSS
Exploits0References4
NVD
NVD
added 2026/02/20 10:16 p.m.7 views

CVE-2026-0797

GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

8.8CVSS0.01157EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.7 views

Bosch Infotainment ECU 安全漏洞

The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU. This vulnerability stems from the lack of proper boundary validation for the data provided to users. It may lead to a stack-based...

8.8CVSS6.5AI score0.00379EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/14 1:27 a.m.9 views

CVE-2026-25933

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

6.8CVSS5.4AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder