Lucene search
K

47 matches found

Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.7 views

CVE-2026-44042 UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS6AI score0.00388EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 10:59 p.m.6 views

EUVD-2026-39495

pnpm binds unscoped user-level npm auth credentials to a repository-selected registry...

6.9CVSS5.8AI score0.00254EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/26 10:59 p.m.8 views

pnpm binds unscoped user-level npm auth credentials to a repository-selected registry

Summary pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does not provide a token-bearing auth line. It only...

6.9CVSS6AI score0.00254EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.16 views

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
Snyk
Snyk
added 2026/05/05 12:18 a.m.11 views

Prototype Pollution

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution when the Object.prototype has been polluted via a different exploit. The following properties in the HTTP adapter configuration may be manipulated, as...

9.1CVSS6.3AI score0.00715EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.12 views

Dgraph 信息泄露漏洞

Dgraph is an open-source, horizontally scalable distributed GraphQL database with a graphical backend. Versions of Dgraph prior to 25.3.3 had an information leakage vulnerability. This vulnerability stemmed from Dgraph exposing the process command line through unvalidated/debug/vars endpoints,...

9.8CVSS5.8AI score0.02187EPSS
Exploits1References1
CVE
CVE
added 2026/04/15 8:40 p.m.18 views

CVE-2026-40173

Dgraph (Open Source GraphQL DB) versions

9.4CVSS5.8AI score0.00509EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/04/08 3:4 p.m.8 views

User Impersonation

Overview @lobehub/cli is a LobeHub command-line interface. Affected versions of this package are vulnerable to User Impersonation via the X-lobe-chat-auth header on webapi routes. An attacker can gain unauthorized access to protected API endpoints and perform actions as an authenticated user by...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/10 8:28 p.m.5 views

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

7.3CVSS5.7AI score0.00531EPSS
Exploits0References5
OSV
OSV
added 2026/02/10 12:0 a.m.7 views

ALSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

9.8CVSS6AI score0.02286EPSS
Exploits10References28
Vulnrichment
Vulnrichment
added 2026/01/29 11:4 p.m.4 views

CVE-2026-1665 Command Injection in nvm via NVM_AUTH_HEADER in wget code path

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

5.4CVSS6.2AI score0.00767EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.12 views

MiracleLinux 9 : php:8.3 (AXSA:2025-10557:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10557:01 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth...

9.8CVSS6.3AI score0.01357EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.8 views

MiracleLinux 9 : php:8.1 (AXSA:2025-9901:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9901:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

9.8CVSS7.5AI score0.02286EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : php:8.2 (AXSA:2025-10480:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10480:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

9.8CVSS7.6AI score0.02286EPSS
Exploits5References9
EUVD
EUVD
added 2025/11/18 10:32 p.m.8 views

EUVD-2025-198099

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...

8.4CVSS6.4AI score0.00377EPSS
Exploits1References1
Rockylinux
Rockylinux
added 2025/10/04 12:11 a.m.8 views

php security update

An update is available for php. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...

9.8CVSS5.7AI score0.00821EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2025/10/04 12:0 a.m.10 views

RockyLinux 9 : php (RLSA-2025:7431)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7431 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header...

9.8CVSS6.3AI score0.00821EPSS
Exploits2References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-29721

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00588EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2025/10/03 7:56 p.m.8 views

php security update

An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...

9.8CVSS6.6AI score0.01357EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2025/09/29 12:0 a.m.9 views

AlmaLinux 8 : php:8.2 (ALSA-2025:15687)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15687 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-deco...

9.8CVSS7.6AI score0.02286EPSS
Exploits5References10
Rows per page
Query Builder