Lucene search
K

57390 matches found

RedHat Linux
RedHat Linux
added 2026/02/03 7:28 a.m.6 views

Important: Red Hat Security Advisory: resource-agents security update

An update for resource-agents is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.9CVSS6.7AI score0.00622EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/03 7:25 a.m.5 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update...

8.9CVSS6.7AI score0.02667EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/03 7:25 a.m.4 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/03 7:21 a.m.3 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/03 7:18 a.m.6 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/03 7:17 a.m.5 views

Important: Red Hat Security Advisory: resource-agents security update

An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...

8.9CVSS6.7AI score0.02667EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/03 7:17 a.m.4 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/03 3:46 a.m.6 views

CVE-2025-67484

A flaw was found in MediaWiki. This vulnerability is associated with the includes/Api/ApiFormatXml.Php file. An attacker with high privileges could potentially interact with this flaw. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...

4.7CVSS5.1AI score0.00395EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 3:24 a.m.3 views

CVE-2026-0909

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References5
OSV
OSV
added 2026/02/03 3:15 a.m.4 views

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

5.9CVSS5.8AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 2:16 a.m.7 views

CVE-2025-67484

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

9.8CVSS0.00395EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 2:16 a.m.7 views

CVE-2025-61653

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

6.9CVSS0.00332EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 2:16 a.m.1 views

UBUNTU-CVE-2025-67477

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from before...

6.1CVSS5.8AI score0.00234EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 2:16 a.m.3 views

UBUNTU-CVE-2025-61653

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/03 1:24 a.m.3 views

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the XSLT option of th...

9.8CVSS5.6AI score0.00395EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 1:24 a.m.25 views

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 1:24 a.m.5 views

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

5.3AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 1:23 a.m.27 views

CVE-2025-67480 list=allrevisions can be used to bypass Extension:Lockdown

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 1:23 a.m.5 views

CVE-2025-67480 list=allrevisions can be used to bypass Extension:Lockdown

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

5.3AI score0.00211EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/03 1:16 a.m.3 views

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Special:ApiSandbo...

6.1CVSS5.5AI score0.00234EPSS
Exploits0References2
Rows per page
Query Builder