Lucene search
K

207 matches found

CVE
CVE
added 2026/06/15 6:45 p.m.32 views

CVE-2026-49953

Discuz! X5.0 (builds 20260320–20260610) contains a CAPTCHA bypass vulnerability where limited complexity and predictable character sets in generated CAPTCHA images enable unauthenticated remote attackers to reliably predict challenge text via OCR, bypassing protections on login, registration and ...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/12 6:16 p.m.7 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via mysqlrealescapestring when used with the text protocol and the Big5 character set. An attacker can execute arbitrary SQL queries by supplying specially crafted input that bypasses escaping performed by...

9.8CVSS6.2AI score0.00419EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/12 5:34 p.m.11 views

CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.8CVSS5.5AI score0.00419EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: aspell (UTSA-2026-017600)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017600 advisory. libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the...

9.1CVSS6AI score0.01739EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/31 11:29 p.m.6 views

SUSE CVE-2026-4046

The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and...

7.5CVSS5.8AI score0.00357EPSS
Exploits1References22
OSV
OSV
added 2026/03/11 12:0 p.m.14 views

RUSTSEC-2026-0174 `Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants

Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...

5.7AI score
Exploits0References3
NVD
NVD
added 2026/02/06 9:16 p.m.9 views

CVE-2026-25581

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

5.4CVSS0.00216EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6845

If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

5.4CVSS5.4AI score0.00216EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003478 advisory. Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set...

4.7CVSS6.8AI score0.00269EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.10 views

CVE-2020-10113

cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...

6.1CVSS5.8AI score0.00641EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: xterm (TSSA-2025:0133)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0133 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8CVSS7AI score0.00734EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/30 12:0 a.m.5 views

FreeBSD : ISC KEA -- Invalid characters cause assert (55c4e822-b4e4-11f0-8438-001b217e4ee5)

"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 55c4e822-b4e4-11f0-8438-001b217e4ee5 advisory. Internet Systems Consortium, Inc. reports: To trigger the issue, three configuration parameters must...

7.5CVSS5.5AI score0.00387EPSS
Exploits0References3
CVE
CVE
added 2025/10/29 6:2 p.m.27 views

CVE-2025-11232

Kea DHCP (ISC) vulnerability CVE-2025-11232 affects Kea 3.0.1 and 3.1.1–3.1.2. The root cause is an assertion triggered by three specific default config values: hostname-char-set uses the default [^A-Za-z0-9.-], hostname-char-replacement is empty, and ddns-qualifying-suffix is non-empty. When a c...

7.5CVSS6.6AI score0.00387EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.6 views

PT-2025-44333

Name of the Vulnerable Software and Affected Versions Kea versions 3.0.1 through 3.0.1 Kea versions 3.1.1 through 3.1.2 Description The software can exit unexpectedly when receiving certain option content from a client if three configuration parameters are set to specific values. Specifically, th...

7.8CVSS6.5AI score0.01361EPSS
Exploits0References27
FreeBSD
FreeBSD
added 2025/10/29 12:0 a.m.6 views

ISC KEA -- Invalid characters cause assert

Internet Systems Consortium, Inc. reports: To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must N...

7.5CVSS7AI score0.00387EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-2662

Malware in sbrugna...

5.1CVSS6.1AI score0.01529EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-6285

Malware in sbrugna...

6.8CVSS6.1AI score0.09156EPSS
Exploits2References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-3367

Malware in sbrugna...

4.8CVSS5.1AI score0.00653EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-3498

Malware in sbrugna...

2.7CVSS7.8AI score0.07269EPSS
Exploits0References32
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2008-3187

Malware in sbrugna...

3.5CVSS6AI score0.00984EPSS
Exploits1References19
Rows per page
Query Builder