
49 matches found

Github Security Blog
added 2026/06/08 11:43 p.m. · 13 views

Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

Impact: An uncontrolled-resource-consumption (memory exhaustion) denial-of-service vulnerability (CWE-400 / CWE-789). A client with push access could push a tiny crafted thin pack (174 bytes) whose delta header declares a huge dest_size. When dulwich ingested it via add_thin_pack / apply_delta, it would...

CVSS 5.7 · AI score 5.5 · EPSS 0.00188
Exploits 0 · References 4 · Affected Software 1

RedhatCVE
added 2026/06/05 7:18 p.m. · 9 views

CVE-2026-9558

A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...

CVSS 9.9 · AI score 6.1 · EPSS 0.00439
Exploits 0 · References 1

RedhatCVE
added 2026/01/09 10:35 a.m. · 11 views

CVE-2017-18385

cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311)...

CVSS 5.5 · AI score 6.9 · EPSS 0.00338
Exploits 0 · References 1

Cvelist
added 2025/10/09 6:13 p.m. · 7 views

CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...

CVSS 4.8 · EPSS 0.0022
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2001-1441

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01818
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2007-3674

Malware in sbrugna...

CVSS 7.8 · AI score 6.4 · EPSS 0.01784
Exploits 0 · References 9

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-13506

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.5 · EPSS 0.0037
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-39172

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5.1 · EPSS 0.00262
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-58745

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.0031
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-41580

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.01174
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2025-19741

Malicious code in bioql PyPI...

CVSS 3.8 · AI score 6.6 · EPSS 0.00137
Exploits 0 · References 4

NVD
added 2025/07/09 9:15 a.m. · 7 views

CVE-2025-27028

The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access like, for example, the root password hash...

CVSS 6.8 · EPSS 0.00267
Exploits 0 · References 1

Vulnrichment
added 2025/07/02 3:45 p.m. · 4 views

CVE-2025-6943

Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...

CVSS 3.8 · AI score 7.8 · EPSS 0.00137
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 4:8 a.m. · 8 views

CVE-2023-38685

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the stab...

CVSS 4.3 · AI score 6.3 · EPSS 0.0039
Exploits 0

RedhatCVE
added 2025/05/22 9:43 a.m. · 8 views

CVE-2019-0318

Under certain conditions SAP NetWeaver Application Server for Java Startup Framework, versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted...

CVSS 5.3 · AI score 6.7 · EPSS 0.0136
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 7:37 a.m. · 20 views

CVE-2019-0391

Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted...

CVSS 4.3 · AI score 6.6 · EPSS 0.00889
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 6:14 p.m. · 7 views

CVE-1999-0753

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories...

CVSS 7.5 · AI score 7.6 · EPSS 0.05332
Exploits 0 · References 1

Positive Technologies
added 2025/05/13 12:0 a.m. · 4 views

PT-2025-20813 · Unknown · Promotion Management Wizard

Name of the Vulnerable Software and Affected Versions: Promotion Management Wizard (PMW) (affected versions not specified). Description: The issue allows an attacker to access restricted information under certain conditions. This has a high impact on confidentiality, with a low impact on the integrity...

CVSS 7.9 · AI score 6 · EPSS 0.00142
Exploits 0 · References 7

Positive Technologies
added 2025/04/15 12:0 a.m. · 4 views

PT-2025-16489

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Unauthenticated attackers can obtain restricted information about a user's smart device collections, also known as "rooms". Recommendations: At the moment, there is no information about a newer...

CVSS 6.9 · AI score 6.4 · EPSS 0.00398
Exploits 0 · References 5

Amazon
added 2025/01/09 12:0 a.m. · 4 views

Medium: haproxy

Issue Overview: Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain...

CVSS 5.3 · AI score 6.7 · EPSS 0.01043
Exploits 0