Lucene search
K

453 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 5:32 a.m.7 views

CVE-2026-2725 Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

6CVSS5.9AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40576

Name of the Vulnerable Software and Affected Versions Gerrit versions 2.12 and later Description Incorrect authorization in the "submitted together" feature allows an authenticated attacker with force push permissions on a secondary branch to bypass code review. This is achieved by using a crafte...

6CVSS6AI score0.00116EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/27 9:16 a.m.7 views

CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8CVSS6.1AI score0.0064EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 6:31 p.m.10 views

EUVD-2026-25032

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 6:31 p.m.13 views

GHSA-5PV5-XH52-HVRP uutils coreutils has an Incorrect Short Circuit Evaluation Issue

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.11 views

uutils coreutils has an Incorrect Short Circuit Evaluation Issue

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.5AI score0.00156EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.9 views

CVE-2026-35378

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS0.00156EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:9 p.m.4 views

CVE-2026-35378

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/22 4:9 p.m.33 views

CVE-2026-35378 uutils coreutils expr Local Denial of Service via Eager Evaluation of Parenthesized Subexpressions

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS0.00156EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:9 p.m.4 views

CVE-2026-35378 uutils coreutils expr Local Denial of Service via Eager Evaluation of Parenthesized Subexpressions

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References2
CVE
CVE
added 2026/04/22 4:9 p.m.22 views

CVE-2026-35378

CVE-2026-35378 affects the expr utility in uutils coreutils. A logic error causes evaluation of parenthesized subexpressions during parsing instead of execution, preventing proper short-circuiting for OR/AND. Consequently, arithmetic errors (e.g., division by zero) in dead branches are raised as ...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34514

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-35378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.14 views

GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes

CVE-2026-32631 is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction...

7.4CVSS6.3AI score0.00316EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32424

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.7AI score0.0029EPSS
Exploits0References6
NVD
NVD
added 2026/04/08 2:16 a.m.3 views

CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS0.0029EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 2:16 a.m.6 views

UBUNTU-CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.8AI score0.0029EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/08 1:6 a.m.5 views

EUVD-2026-20018

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

5.9AI score0.0029EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 1:6 a.m.29 views

CVE-2026-32289

CVE-2026-32289 is a documented issue where html/template failed to correctly track JS template literal context, risking improper escaping and potential XSS. Portable across Go toolchains, it was addressed by the Go project in updates to go1.25.9 and go1.26.2, and these fixes are reflected in SUSE...

6.1CVSS5.9AI score0.0029EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/08 1:6 a.m.2 views

CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.7AI score0.0029EPSS
Exploits0
Rows per page
Query Builder