Lucene search
+L

1893 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

In the nsTArrayImpl::ReplaceElementsAt function, an integer overflow could occur when the number of elements to be replaced is too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS6.8AI score0.00776EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Pypy

A issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...

7.5CVSS7.2AI score0.05418EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: kunit: fixed the reference count leak in kfreeatend The reference counting issue occurs during the normal execution of kfreeatend. When kunitallocandgetresource is called, the function fails to properly handle the returned resour...

5.3CVSS6.3AI score0.00489EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in ofono

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

7.8CVSS7.7AI score0.00292EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: binfmtflat: Fixed an integer overflow bug on 32-bit systems. Most of these sizes and counts are capped at 256MB, so the calculations do not result in integer overflows. The “relocs” count also needs to be checked. Otherwise, o...

5.5CVSS6.5AI score0.00216EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 2:35 p.m.20 views

Allocation of Resources Without Limits or Throttling

Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...

9.2CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/19 2:35 p.m.14 views

Allocation of Resources Without Limits or Throttling

Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...

9.2CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/19 2:35 p.m.49 views

GHSA-24C8-4792-22HX Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString

Summary ArrayFunctions.InsertAt in Scriban allocates index - list.Count null entries in a tight C for loop with no bound on index. The function is exposed to template authors as array.insertat, and the fill loop ignores every existing safety control: LoopLimit, LimitToString, ObjectRecursionLimit...

8.7CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/05/19 12:16 p.m.33 views

CVE-2026-7504

A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further...

8.1CVSS0.005EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41879

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the URL validation logic during redirect operations allows an attacker to bypass validation and redirect users to unauthorized URLs. This occurs when Keycloak clients are configure...

9.4CVSS5.8AI score0.005EPSS
Exploits0References22
Snyk
Snyk
added 2026/05/15 10:40 a.m.12 views

Malicious Package

Overview frank-at-alibaba-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/15 10:40 a.m.13 views

MAL-2026-3787 Malicious code in frank-at-alibaba-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886c65e3dc3df0890c4de06cdd9d3973fd8a5844b0db2010a08e1160d2b6dce5 The package frank-at-alibaba-internal was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/14 8:25 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the pinchannelmessage process. An attacker can modify the ispinned, pinnedby, and pinnedat fields of messages by sending API requests with only read-level...

5.3CVSS5.8AI score0.00204EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:2 p.m.11 views

CVE-2026-44459

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 3:2 p.m.35 views

CVE-2026-44459

CVE-2026-44459 (Hono) concerns improper validation of JWT NumericDate claims (exp, nbf, iat) in hono/utils/jwt prior to 4.12.18. The vulnerability allows tokens with non-spec-compliant claim values to silently bypass time-based checks when verify() processes malformed claims (not exploitable by a...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/11 7:40 p.m.13 views

NPM: Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`

NPM: Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in JSONPathBuilder.key / .at vulnerability discovered by ? in WordPress Npm kysely versions = 0.26.0, 0.28.17...

5.8AI score0.00362EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/10 3:31 p.m.21 views

EUVD-2022-55990

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/10 3:31 p.m.23 views

EUVD-2022-55989

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/10 3:31 p.m.19 views

EUVD-2022-55988

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET request...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
NVD
NVD
added 2026/05/10 1:16 p.m.42 views

CVE-2022-50966

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS0.00252EPSS
Exploits0References4
Rows per page
Query Builder