Lucene search
K

104 matches found

Cvelist
Cvelist
added last week33 views

CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS0.00207EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 10:16 p.m.7 views

CVE-2026-38973

mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbcfindmethod...

4.4CVSS0.00116EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/01 1:59 p.m.6 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby3.4: ruby3.4-3.4.8-31.3.hum1 aarch64, x8664 ruby3.4-bundled-gems-3.4.8-31.3.hum1 aarch64, x8664 ruby3.4-default-gems-3.4.8-31.3.hum1 noarch ruby3.4-devel-3.4.8-31.3.hum1 aarch64, x8664...

5.8CVSS5.9AI score0.00239EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/18 4:5 p.m.9 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.3AI score0.00431EPSS
Exploits0
NVD
NVD
added 2026/06/17 10:16 p.m.13 views

CVE-2026-50196

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

7.5CVSS0.00339EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-62127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS5.4AI score0.00136EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:48 p.m.9 views

OESA-2026-2549 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

6.9CVSS5.5AI score0.00503EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:31 p.m.9 views

CVE-2026-35007

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in singleunit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id GET parameter directly into an HTML attribute. Attackers can craft a maliciou...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Wireshark

An infinite loop in the BitTorrent DHT dissector in Wireshark versions 3.6.0, 3.4.0, and 3.4.10 allows for denial of service through packet injection or malicious capture files...

7.5CVSS7.1AI score0.03879EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

Rsync 安全漏洞

Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync prior to 3.4.3 contained security vulnerabilities. These vulnerabilities stemmed from a stack write issue in the establishproxyconnection function. Network...

3.7CVSS5.8AI score0.00337EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38333

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description An integer overflow exists in the ImageChannel::resize function, which can lead to a heap out-of-bounds OOB write—a...

8.8CVSS5.9AI score0.00372EPSS
Exploits1References34
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.11 views

RHCOS 3 : OpenShift Container Platform 3.4 (RHSA-2018:1237)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1237 advisory. - source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go CVE-2018-1102 Note that Nessus has not tested fo...

8.8CVSS7.3AI score0.02418EPSS
Exploits0References6
OSV
OSV
added 2026/04/28 7:0 p.m.3 views

CVE-2026-7303 Xuxueli xxl-job Execution Log JobLogController.java logDetailCat resource injection

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS5.1AI score0.00418EPSS
Exploits0References9
CVE
CVE
added 2026/04/23 2:54 p.m.94 views

CVE-2026-41240

Summary of technical details (CVE-2026-41240) : DOMPurify prior to 3.4.0 has an inconsistency between FORBID_TAGS and FORBID_ATTR when function-based ADD_TAGS is used. The fix added an early exit for FORBID_ATTR but the FORBID_TAGS path remained unpatched, causing short-circuiting that allows for...

6.1CVSS5.6AI score0.00313EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/16 11:44 p.m.4 views

BIT-MLFLOW-2025-10279 Privilege Escalation in mlflow/mlflow

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS7.3AI score0.00215EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/06 7:0 a.m.36 views

CVE-2026-5633 assafelovic gpt-researcher ws Endpoint server-side request forgery

A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument sourceurls can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00284EPSS
Exploits0References5
OSV
OSV
added 2026/04/06 6:15 a.m.3 views

CVE-2026-5630 assafelovic gpt-researcher Report API app.py cross site scripting

A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been...

5.3CVSS4.2AI score0.00337EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.12 views

PT-2026-30570

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract command data of the file backend/server/server utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote...

7.5CVSS6.7AI score0.00311EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/02 11:26 p.m.6 views

SUSE CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

5.5CVSS5.7AI score0.00482EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/27 12:30 a.m.6 views

EUVD-2026-16509

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References2
Rows per page
Query Builder