Lucene search
K

5124 matches found

Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.10 views

PT-2026-4356

Name of the Vulnerable Software and Affected Versions Schneider Electric EcoStruxure Process Expert versions prior to 2025 Description An incorrect default permissions issue can lead to privilege escalation via a reverse shell. A local user with normal privileges can modify executable service...

7CVSS5.9AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/01/22 3:49 p.m.5 views

OPENSUSE-SU-2026:20085-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. - CVE-2025-68119: cmd/go: unexpected code execution when invoking...

10CVSS6.4AI score0.01945EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2021-33195)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-33195 advisory. - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate...

7.5CVSS5.7AI score0.03231EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.11 views

openSUSE 16 Security Update : cargo-c (openSUSE-SU-2026:20060-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20060-1 advisory. - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages bsc1243179 - CVE-2025-58160: tracing-subscriber:...

8.8CVSS5.7AI score0.00443EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2022-3171)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3171 advisory. - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...

7.5CVSS5.6AI score0.01048EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/01/21 12:0 a.m.15 views

golang security update

1.25.5-1 - Update to Go 1.25.5 fips-1 1.25.3-5 - gating.yaml: Add tier1 s390x tests 1.25.3-4 - Cleanup lib/ ownership - Remove legacy logic forcing lib/ into golang-tests - Move lib/wasm, lib/fips140, and lib/time to main golang package - Fixes gojswasmexec availability 1.25.3-3 - plans/tier0.fmf...

7.5CVSS5.4AI score0.00451EPSS
Exploits2
Debian
Debian
added 2026/01/20 7:13 p.m.15 views

[SECURITY] [DLA 4445-1] python3.9 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4445-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura January 20, 2026 https://wiki.debian.org/LTS -...

9.8CVSS8.2AI score0.05193EPSS
Exploits1
OSV
OSV
added 2026/01/19 10:42 a.m.5 views

OPENSUSE-SU-2026:20060-1 Security update for cargo-c

This update for cargo-c fixes the following issues: - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages bsc1243179 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249012 - CVE-2024-12224: idna: Fixed improper validation of Punycode labels...

8.8CVSS5.9AI score0.00443EPSS
Exploits1References6
OSV
OSV
added 2026/01/16 3:49 p.m.4 views

GHSA-M3C4-PRHW-MRX6 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Summary A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...

8.1CVSS7.1AI score0.00619EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

Oracle Linux 8 : postgresql:15 (ELSA-2026-0524)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0524 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.15-1 - Update to 15.15 - Resolves: RHEL-128819 CVE-2025-12818 Tenable has extracted the preceding...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/12 9:54 p.m.23 views

CVE-2026-22794 Account Takeover Vulnerability in Appsmith

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be...

9.6CVSS0.00393EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.10 views

PT-2026-2249

Name of the Vulnerable Software and Affected Versions RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0 Description The RustCrypto Elliptic Curves library provides general purpose Elliptic Curve Cryptography ECC support. A denial-of-service issue exists in the SM2 PKE decryption path where an...

7.5CVSS6.6AI score0.00375EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.6 views

PT-2026-2260

Name of the Vulnerable Software and Affected Versions vLLM versions 0.6.4 through 0.11.9 Description vLLM is an inference and serving engine for large language models LLMs. Users can cause the vLLM engine to crash when serving multimodal models that utilize the Idefics3 vision model implementatio...

6.5CVSS6.6AI score0.00403EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.13 views

CVE-2023-25601

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the...

4.3CVSS6.6AI score0.01127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:56 a.m.3 views

CVE-2018-4447

A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2...

9.3CVSS6.2AI score0.01052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:55 a.m.8 views

CVE-2018-4272

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6...

8.8CVSS6.7AI score0.02065EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:55 a.m.7 views

CVE-2018-4379

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1...

5.5CVSS6.1AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.5 views

CVE-2022-42466

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...

6.1CVSS6.7AI score0.01178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.10 views

CVE-2022-31071

Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...

3.3CVSS6.6AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.12 views

CVE-2022-35724

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS6.7AI score0.01552EPSS
Exploits0References1
Rows per page
Query Builder