Lucene search
K

3522 matches found

RedHat Linux
RedHat Linux
added 2026/04/20 2:37 a.m.4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 12:48 a.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/16 1:2 a.m.10 views

Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution

Summary The Froxlor API endpoint Customers.update and Admins.update does not validate the deflanguage parameter against the list of available language files. An authenticated customer can set deflanguage to a path traversal payload e.g., ../../../../../var/customers/webs/customer1/evil, which is...

9.9CVSS6.4AI score0.00524EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/04/14 8:0 p.m.4 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the HandlePolicyDataSubsToNotifySubsIdPut process. An attacker can cause unintended modification of existing Policy Data notification subscriptions by sending malformed, empty, or...

6.9CVSS5.8AI score0.00321EPSS
Exploits1References3
Amazon
Amazon
added 2026/04/14 12:0 a.m.20 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

9.1CVSS5.8AI score0.01079EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : python39 (SUSE-SU-2026:1296-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1296-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References13
CVE
CVE
added 2026/04/13 3:31 p.m.24 views

CVE-2026-6231

The CVE-2026-6231 issue affects the MongoDB C Driver. The root cause is that the bson_validate function may return early on certain inputs and incorrectly report success, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. Affected products/versions ex...

7.5CVSS5.8AI score0.00184EPSS
Exploits0References1Affected Software1
Amazon
Amazon
added 2026/04/13 12:0 a.m.9 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

9.1CVSS5.8AI score0.01079EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/10 3:10 a.m.2 views

CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass

wolfSSL's wcPKCS7DecodeAuthEnvelopedData does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸...

8.7CVSS5.8AI score0.00355EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.4 views

SUSE SLES15 Security Update : bind (SUSE-SU-2026:1230-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1230-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Tenable has extracted the...

7.5CVSS5.9AI score0.01545EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:44 p.m.1 views

CVE-2026-5437

An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly ...

5.9AI score0.00641EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31749

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect t...

8.3CVSS5.9AI score0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 5:52 p.m.24 views

CVE-2026-30815 OS Command Injection Vulnerability in OpenVPN Module in TP-Link AX53

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...

8.5CVSS0.0116EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/07 3:14 p.m.20 views

CVE-2025-24819 A Relative Path Traversal vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

0.00211EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.8 views

SUSE SLED15 / SLES15 Security Update : python-tornado (SUSE-SU-2026:1171-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1171-1 advisory. - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service bsc1259553. - incomplete...

8.7CVSS6AI score0.00375EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/03 10:1 p.m.18 views

Not Failing Securely ('Failing Open')

Overview fast-jwt is a Fast JSON Web Token implementation Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' due to improper validation of the crit header parameter. An attacker can bypass intended authorization policies by crafting a signed token with unknown...

8.7CVSS5.9AI score0.00155EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/04/02 5:22 a.m.30 views

Heimdall - Host Header Injection & Open Redirect

LinuxServer.io Heimdall 2.6.3-ls307 contains a host header injection caused by improper validation of user-supplied HTTP headers X-Forwarded-Host and Referer, letting unauthenticated remote attackers perform host header injection and open redirect attacks, exploit requires no special privileges...

9.8CVSS5.9AI score0.02779EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.42 views

Amazon Linux 2023 : mount-s3 (ALAS2023-2026-1510)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1510 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via...

8.7CVSS5.9AI score0.01079EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.9 views

Amazon Linux 2 : python, --advisory ALAS2-2026-3218 (ALAS-2026-3218)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3218 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |=...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/31 11:2 p.m.5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilation time by injecting malicious expressions. If Object.prototype has been pollute...

9.8CVSS7.1AI score0.2241EPSS
Exploits3References2
Rows per page
Query Builder