Lucene search
K

91 matches found

Cvelist
Cvelist
added 2026/06/19 1:48 p.m.28 views

CVE-2026-9143 Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50890

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A NULL pointer dereference occurs in the data moniker service of NI grpc-device. A NULL pointer dereference is a condition where a program attempts to read or write to a memory address that i...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 8:50 p.m.10 views

EUVD-2026-36574

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:39 p.m.33 views

CVE-2026-44990 Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...

9.3CVSS0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.29 views

PT-2026-48990

Name of the Vulnerable Software and Affected Versions sanitize-html versions prior to 2.17.5 Description The software uses the allowedSchemesAppliedToAttributes variable to control the naughtyHref function, which is designed to block dangerous URI schemes such as javascript: and vbscript:. Howeve...

5.4CVSS5.2AI score0.00136EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:50 p.m.8 views

CVE-2026-40605

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:11 a.m.12 views

CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS6.7AI score0.00437EPSS
Exploits1References2
CVE
CVE
added 2026/05/09 7:16 p.m.20 views

CVE-2026-42333

CVE-2026-42333 affects Quarkus OpenAPI Generator. The issue: the generated authentication filter can match OpenAPI path templates too broadly, causing a security scheme for one operation to be applied to a different, similarly-named operation. This can cause bearer tokens, API keys, or basic cred...

6.3CVSS5.7AI score0.004EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 8:16 p.m.15 views

CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS0.00161EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/07 8:16 p.m.9 views

CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS5.7AI score0.00161EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 6:47 p.m.33 views

CVE-2026-42225 GnuTLS backend silently skips certificate chain verification when verify_peer is false

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS0.00161EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 6:47 p.m.21 views

CVE-2026-42225

PJSIP’s GnuTLS-enabled SIP TLS transport (sip_transport_tls) in builds prior to version 2.17 can accept connections with invalid/untrusted certificates even when verify_server/verify_client are PJ_TRUE. The vulnerability arises from certificate verification being effectively skipped for those bui...

8.2CVSS5.7AI score0.00161EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38557

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport sip transport tls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS5.7AI score0.00161EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:37 p.m.5 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

7.6CVSS5.8AI score0.00583EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Jupyter Server 代码问题漏洞

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier have code vulnerabilities. These vulnerabilities stem from the persistence of the key used for signing authentication...

7.6CVSS5.8AI score0.00308EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.8 views

PT-2026-36080

Name of the Vulnerable Software and Affected Versions Little CMS lcms2 versions 2.16 through 2.18 Description An integer overflow exists in the ParseCube function within the cmscgats.c file. An integer overflow occurs when a program attempts to store a numeric value that is too large for the...

4CVSS5.9AI score0.00128EPSS
Exploits0References28
Cvelist
Cvelist
added 2026/04/24 6:40 p.m.36 views

CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

9.3CVSS0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/24 6:40 p.m.6 views

EUVD-2026-25598

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

9.3CVSS5.7AI score0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 6:40 p.m.6 views

CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

9.3CVSS5.7AI score0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 6:38 p.m.4 views

CVE-2026-41415 PJSIP: SIP Multipart CID URI Length Underflow

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...

8.8CVSS5.4AI score0.00308EPSS
Exploits0References2
Rows per page
Query Builder