Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 8:27 p.m.8 views

CVE-2026-50131 Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

8.6CVSS5.4AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:35 p.m.12 views

EUVD-2026-36052

Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...

6.9CVSS5.7AI score0.00136EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/23 11:31 p.m.30 views

CVE-2026-33195 Rails Active Storage has possible Path Traversal in DiskService

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...

9.3CVSS0.00567EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/19 10:6 p.m.6 views

EUVD-2026-13340

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access...

2.7CVSS5.8AI score0.00293EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/01 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005379 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containin...

5.8CVSS6AI score0.02286EPSS
Exploits1References3
NVD
NVD
added 2025/10/09 3:16 p.m.4 views

CVE-2025-32916

Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs...

4.3CVSS0.00175EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-3082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. Th...

5.4CVSS5.5AI score0.0017EPSS
Exploits0References2
OSV
OSV
added 2021/10/19 3:15 p.m.3 views

CVE-2021-27001

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period...

5.5CVSS5.8AI score0.00247EPSS
Exploits0References1
OSV
OSV
added 2016/04/18 12:59 a.m.4 views

UBUNTU-CVE-2016-0843

The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197...

8.4CVSS7.3AI score0.00207EPSS
Exploits0References3
Rows per page
Query Builder