Lucene search
K

434 matches found

AlpineLinux
AlpineLinux
added 2026/04/09 10:35 p.m.12 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.2AI score0.00393EPSS
Exploits0
EUVD
EUVD
added 2026/04/07 6:30 a.m.8 views

EUVD-2026-19564

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...

6.5CVSS6.1AI score0.00309EPSS
Exploits0References2
ICS
ICS
added 2026/04/02 1:54 p.m.11 views

Zscaler Client Connector hard-coded proxy configuration domain

RISK EVALUATION ZScaler Client Connector 4.7 and 4.8 on Microsoft Windows hard codes a domain used to retrieve proxy configuration information. An attacker with control of this domain could provide arbitrary proxy configurations and intercept, redirect or disrupt traffic. 2. RECOMMENDED...

5.4CVSS6AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to write bytes under the attacker's control outside of the expected verification path before the final protected replacement step is...

7.5CVSS5.8AI score0.0008EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.6 views

SUSE CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS5.9AI score0.00269EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/17 7:46 p.m.9 views

AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments

Summary The install/checkConfiguration.php endpoint performs full application initialization — database setup, admin account creation, and configuration file write — from unauthenticated POST input. The only guard is checking whether videos/configuration.php already exists. On uninitialized...

8.1CVSS6.3AI score0.00489EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/04 3:2 p.m.27 views

CVE-2026-22548

CVE-2026-22548 affects BIG-IP Advanced WAF/ASM when a security policy is configured on a virtual server. Undisclosed requests can cause the bd process to terminate, resulting in a DoS on the BIG-IP system. The issue is addressed in BIG-IP version 17.1.3 for the 17.x branch (previous 17.1.0–17.1.2...

8.2CVSS5.4AI score0.00185EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/01/14 9:15 p.m.7 views

AZL-74547 CVE-2026-0861 affecting package glibc for versions less than 2.38-18

Passing too large an alignment to the memalign suite of functions memalign, posixmemalign, alignedalloc in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size a...

8.4CVSS6AI score0.00352EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.8 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

5.1CVSS6.5AI score0.00182EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 2:12 p.m.8 views

Malicious code in @asyncapi/java-spring-cloud-stream-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b7ee33a69d9005442fb0347dfb87c303e2acd8cd146d8a85d0cecdc90f94bc3 The package @asyncapi/java-spring-cloud-stream-template was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
CNVD
CNVD
added 2025/11/11 12:0 a.m.5 views

CMSimple_XH Cross-Site Scripting Vulnerability

CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not cleaning or coding path segments under the control of an attacker, no details of the...

7.1CVSS6.3AI score0.00323EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.5 views

SAP S/4HANA 输入验证错误漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An input validation error vulnerability exists in SAP S/4HANA, which originates from an attacker being able to craft a malicious link that could result in the victim being...

6.1CVSS6.5AI score0.00205EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/05 1:41 a.m.7 views

Malicious code in react-notifications-alert (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fbe66f8e85ad0ad7c2682e9640e0f2a48344bcef9beeaa8de12e5e687744acf The package react-notifications-alert was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
GithubExploit
GithubExploit
added 2025/10/25 3:35 a.m.244 views

Exploit for Authorization Bypass Through User-Controlled Key in Themewinter Eventin

CVE-2025-4796 Eventin = 4.0.34 - Authenticated Contributo...

8.8CVSS7.4AI score0.00564EPSS
Exploits3
EUVD
EUVD
added 2025/10/15 3:30 p.m.6 views

EUVD-2025-34650

When a TCP profile with Multipath TCP MPTCP enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS ar...

8.7CVSS6.3AI score0.00418EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 1:55 p.m.24 views

CVE-2025-58153

CVE-2025-58153 describes a vulnerability in BIG-IP High-Speed Bridge (HSB) devices where, under undisclosed traffic conditions and conditions outside attacker control, the HSB may lock up. The issue affects BIG-IP platforms with an embedded ePVA chip (data plane issue; no control plane exposure)....

8.2CVSS6.5AI score0.00215EPSS
Exploits0References1Affected Software21
Vulnrichment
Vulnrichment
added 2025/10/15 1:55 p.m.4 views

CVE-2025-48008 BIG-IP MPTCP vulnerability

When a TCP profile with Multipath TCP MPTCP enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS ar...

8.7CVSS6.4AI score0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-9741

Malware in sbrugna...

8.8CVSS8AI score0.02433EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-14206

Malware in sbrugna...

7.8CVSS7.6AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-6481

Malware in sbrugna...

8.8CVSS8.6AI score0.00315EPSS
Exploits0References4
Rows per page
Query Builder