Lucene search
+L

4072 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 6:30 p.m.14 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 6:30 p.m.25 views

Important: Red Hat Security Advisory: python3.14 security update

An update for python3.14 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.1CVSS7.5AI score0.00621EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.17 views

RHEL 10 : python3.12 (RHSA-2026:19064)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19064 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1CVSS7.2AI score0.01279EPSS
Exploits1References26
Circl
Circl
added 2026/05/18 4:10 p.m.11 views

GHSA-5R97-79VW-QVM4

creationtimestamp| type| source ---|---|--- 2026-05-18 16:10:50+00:00| seen| https://gist.github.com/alon710/437f2e5c2f0622a4f1f7e66c52bc342f...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/05/16 3:26 p.m.38 views

CVE-2021-47969 Color Notes 1.4 Denial of Service via Long Character String

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

8.7CVSS0.00284EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/15 8:2 a.m.14 views

Gnutls: gnutls: authentication bypass via nul character in username

...

9.8CVSS5.8AI score0.0105EPSS
Exploits0
NVD
NVD
added 2026/05/13 4:17 a.m.11 views

CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

6.5CVSS0.00263EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/13 4:17 a.m.12 views

CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 4:17 a.m.6 views

UBUNTU-CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 5:24 p.m.54 views

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

4.4CVSS0.00157EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/11 2:17 p.m.12 views

SUSE CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

8.6CVSS5.8AI score0.00337EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: xterm (UTSA-2026-017637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017637 advisory. xterm before Patch 366 allows remote attackers to execute arbitrary code or cause a denial of service segmentation fault via a crafted UTF-8 combining character...

9.8CVSS6.2AI score0.07541EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: aspell (UTSA-2026-017600)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017600 advisory. libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the...

9.1CVSS6AI score0.01739EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.8 views

SUSE CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

7.5CVSS5.8AI score0.00588EPSS
Exploits0References15
Slackware Linux
Slackware Linux
added 2026/05/08 5:6 a.m.29 views

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php82/php82-8.2.31-i586-1slack15.0.txz: Upgraded. This update fixes security issues: FPM: Fixed XSS within status endpoint. MBString: Fixed Null...

9.8CVSS5.9AI score0.0078EPSS
Exploits1
EUVD
EUVD
added 2026/05/07 9:30 p.m.39 views

EUVD-2026-28427

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

5.8AI score0.00588EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/07 8:16 p.m.10 views

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

7.5CVSS5.8AI score0.00588EPSS
Exploits0References7
OSV
OSV
added 2026/05/07 8:16 p.m.5 views

UBUNTU-CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

7.5CVSS5.8AI score0.00588EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:41 p.m.9 views

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

5.8AI score0.00588EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/07 7:41 p.m.23 views

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

7.5CVSS5.8AI score0.00588EPSS
Exploits0
Rows per page
Query Builder