Lucene search
K

1011 matches found

Nuclei
Nuclei
added 16 hours ago102 views

VMware Aria Operations for Logs - Unauthenticated Remote Code Execution

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. id: CVE-2023-20864 info: name: VMware Aria Operations for Logs - Unauthenticated Remo...

9.8CVSS7.4AI score0.70423EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday63 views

VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. id: CVE-2023-20889 info: name: VMware Aria Operations...

7.5CVSS6.9AI score0.79258EPSS
Exploits0References3
Nuclei
Nuclei
added 3 days ago95 views

VMware Aria Operations for Networks - Remote Code Execution

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. id:...

8.8CVSS7.3AI score0.82282EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:17 p.m.5 views

DEBIAN-CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

9.6CVSS6.5AI score0.00406EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.20 views

PT-2026-47451

CVE-2026-36229 - VMware Aria Operations For Logs Directory Traversal CVE ID :CVE-2026-36229 Published : June 6, 2026, 9:16 p.m. | 2 hours, 14 minutes ago Description :Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further...

5.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.14 views

CVE-2026-5446

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

7.1CVSS5.4AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 7:7 p.m.11 views

GO-2026-4993 SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink incomplete fix for CVE-2026-34585 in github.com/siyuan-note/siyuan/kernel...

9.4CVSS5.8AI score0.00509EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:23 p.m.7 views

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS6.1AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:23 p.m.47 views

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS0.00509EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

SiYuan 跨站脚本漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the tooltip handler not properly escaping the aria-label attribute, which could lead to cross-site...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 7:8 p.m.5 views

GHSA-25RP-H46X-2HJM SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)

Summary The tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in...

9.4CVSS6.1AI score0.00509EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 7:8 p.m.10 views

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)

Summary The tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in...

9.4CVSS6.1AI score0.00509EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39285

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description An issue exists in the tooltip mouseover handler where the software reads the aria-label attribute and processes it using decodeURIComponent before assigning the result to messageElement.innerHTML. Th...

9.4CVSS6.3AI score0.00509EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-5446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is...

7.1CVSS5.5AI score0.00264EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 10:10 p.m.8 views

Reusing a Nonce, Key Pair in Encryption

Overview Affected versions of this package are vulnerable to Reusing a Nonce, Key Pair in Encryption in the wcAriaEncrypt process when ARIA-GCM cipher suites are used in TLS 1.2 or DTLS 1.2 sessions with the MagicCrypto SDK, due to the reuse of an identical 12-byte GCM nonce for every...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 9:31 p.m.6 views

EUVD-2026-21180

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

6CVSS5.9AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 9:16 p.m.3 views

CVE-2026-5446

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

7.1CVSS0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 9:16 p.m.2 views

DEBIAN-CVE-2026-5446

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

7.1CVSS5.3AI score0.00264EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 9:16 p.m.6 views

CVE-2026-5446

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 9:16 p.m.20 views

UBUNTU-CVE-2026-5446

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References3
Rows per page
Query Builder