Lucene search
K

699 matches found

OSV
OSV
added 2 days ago5 views

RLSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41218

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 10:16 p.m.6 views

CVE-2026-36909

A NULL pointer dereference in the AP4TkhdAtom::GetTrackId function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

6.2CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.12 views

CVE-2026-36911

Summary of CVE-2026-36911 (MPC-BE) : A division-by-zero vulnerability exists in the file parsing/processing path: the function CStreamSwitcherOutputPin::DecideBufferSize in MPC-BE (before commit 4341cb3). This can be triggered by a crafted MP4 file, leading to a Denial of Service . Affected softw...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 12:0 a.m.32 views

CVE-2026-36910

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

0.00113EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-58374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing allows an unauthenticate...

7.1CVSS6AI score0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:7 p.m.31 views

CVE-2026-50101 Naxclow IoT Platform Not using password aging

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...

9.2CVSS0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48639

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 12:21 a.m.11 views

OSV-2026-787 Heap-buffer-overflow in N_BELE_RTP::BEPolicy::get32

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514739401 Crash type: Heap-buffer-overflow READ 4 Crash state: NBELERTP::BEPolicy::get32 PackLinuxElf32::elflookup PackLinuxElf32::PackLinuxElf32help1...

5.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 7:36 p.m.6 views

CVE-2026-35009 Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed a potential data race in rxrpcwaittobeconnected. Inside the loop in rxrpcwaittobeconnected, it checks call-error to determine whether to exit the loop without first checking the call state. This is probably safe, as...

4.7CVSS6.5AI score0.00126EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Added a NULL check in BE reparenting. A NULL check was also added to the dpcmbereparent API, to handle kernel NULL pointer dereferencing errors. This issue occurred during fuzzing tests...

5.5CVSS6.2AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: be2net: fixed a potential memory leak in bexmit. bexmit returns NETDEVTXOK without freeing the skb variable, in case bexmitenqueue fails. To address this issue, add devkfreeskbany to properly handle the situation...

5.5CVSS6.2AI score0.00253EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Do not pick up BE without a substream When DPCM attempts to establish valid BE connections using dpcmaddpaths, it does not check whether the selected BE actually supports the given stream direction. As a result, when ...

5.5CVSS6.1AI score0.00157EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/14 4:36 p.m.6 views

be.vlaanderen.informatievlaanderen.ldes.ldio:ldio-application (=2.12.0), be.vlaanderen.informatievlaanderen.vsds:ldes-server-admin (>=2.10.0 <=3.4.0) +556 more potentially affected by CVE-2026-45292 via io.opentelemetry:opentelemetry-extension-trace-propagators (>=0.7.0 <=1.61.0)

io.opentelemetry:opentelemetry-extension-trace-propagators MAVEN version =0.7.0, =2.10.0, =3.6.0, =1.1.0, =2.10.0, =2.10.0, =2.10.0, =3.0.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.4.0 - br.com.sawcunhaos:scos-foundation-security =1.1.0 - ch.admin.bit.jeap:jeap-archrepo-dbsc...

7.5CVSS5.7AI score0.00686EPSS
Exploits0
OSV
OSV
added 2026/05/08 2:16 p.m.14 views

UBUNTU-CVE-2026-43333

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTRTOBUF pointers checkmemaccess matches PTRTOBUF via basetype which strips PTRMAYBENULL, allowing direct dereference without a null check. Map iterator ctx-key and ctx-value are PTRTOBUF |...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References10
Snyk
Snyk
added 2026/04/21 11:15 a.m.6 views

Cleartext Storage of Sensitive Information

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An...

8.3CVSS5.7AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 10:4 a.m.4 views

EUVD-2026-24081

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...

7.3CVSS5.8AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-33927

Name of the Vulnerable Software and Affected Versions TYPO3 CMS version 14.2.0 Description Changing backend users passwords through the user settings module causes the cleartext password to be stored in the uc and user settings fields of the be users database table. Recommendations At the moment,...

7.5CVSS5.1AI score0.00167EPSS
Exploits0References12
vulnersOsv
vulnersOsv
added 2026/04/20 3:31 p.m.8 views

ai.pipestream:account-service (>=0.0.10 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.10 <=0.1.18) +537 more potentially affected by CVE-2026-33557 via org.apache.kafka:kafka-clients (>=4.1.0 <=4.1.1)

org.apache.kafka:kafka-clients MAVEN version =4.1.0, =0.0.10, =0.1.10, =0.1.3, =0.7.21, =0.7.21, =0.7.21, =0.1.21, =0.7.2, =0.7.2, =0.2.0, =0.2.0, =0.7.5 and more Source cves: CVE-2026-33557 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16207346...

9.1CVSS5.7AI score0.00581EPSS
Exploits0
Rows per page
Query Builder