1086287 matches found

OSV
added 2026/06/18 2:52 p.m., 3 views

MINI-5V95-JF79-M8HG

Bulletin has no description...

CVSS: 9.1, AI score: 4.9, EPSS: 0.005
Exploits: 0

OSV
added 2026/06/18 2:51 p.m., 3 views

MINI-Q7V9-CWXC-6969

Bulletin has no description...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00472
Exploits: 0

OSV
added 2026/06/18 2:50 p.m., 2 views

MINI-3PJH-MR2Q-G7VR

Bulletin has no description...

CVSS: 9.1, AI score: 4.9, EPSS: 0.00373
Exploits: 0

OSV
added 2026/06/18 2:50 p.m., 5 views

MINI-C43J-XCX3-G4C5

Bulletin has no description...

CVSS: 9.1, AI score: 4.9, EPSS: 0.005
Exploits: 0

RedhatCVE
added 2026/06/18 2:43 p.m., 6 views

CVE-2026-42536

A flaw was found in Apache HTTP Server, specifically within the mod_xml2enc module. This heap-based buffer overflow vulnerability can be triggered when processing untrusted content through the xml2StartParse function. A remote attacker could potentially exploit this to cause a denial of service,...

CVSS: 7.5, AI score: 6, EPSS: 0.00605
Exploits: 0, References: 4

OSV
added 2026/06/18 2:42 p.m., 5 views

MINI-XF6J-CW8V-HG9X

Bulletin has no description...

CVSS: 9.1, AI score: 4.9, EPSS: 0.00457
Exploits: 0

OSV
added 2026/06/18 2:41 p.m., 5 views

MINI-45G9-XV4J-7F78

Bulletin has no description...

CVSS: 9.1, AI score: 4.9, EPSS: 0.00338
Exploits: 0

OSV
added 2026/06/18 2:32 p.m., 3 views

SUSE-SU-2026:22160-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

CVSS: 10, AI score: 6.5, EPSS: 0.01272
Exploits: 0, References: 23

OSV
added 2026/06/18 2:32 p.m., 2 views

SUSE-SU-2026:22213-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

CVSS: 10, AI score: 6.5, EPSS: 0.01272
Exploits: 0, References: 23

EUVD
added 2026/06/18 2:28 p.m., 10 views

EUVD-2026-37730

python-statemachine SCXML Eval Injection...

CVSS: 9.8, AI score: 5.2, EPSS: 0.00801
Exploits: 0, References: 4

Github Security Blog
added 2026/06/18 2:28 p.m., 8 views

python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00801
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2026/06/18 2:28 p.m., 4 views

GHSA-V4JC-PM6R-3VJ8 python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00801
Exploits: 0, References: 5

CVE
added 2026/06/18 2:23 p.m., 25 views

CVE-2025-27511

CVE-2025-27511 affects the GeoServer DB2 DataStore Extension. According to the connected advisories, prior to version 2.27.0, an authenticated administrator could perform a JNDI attack via a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). The issue is the JNDI injection vu...

CVSS: 7.2, AI score: 5.5, EPSS: 0.00582
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/06/18 2:23 p.m., 20 views

CVE-2025-27511 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes...

CVSS: 7.2, EPSS: 0.00582
Exploits: 0, References: 4

NVD
added 2026/06/18 2:17 p.m., 63 views

CVE-2026-8461

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

CVSS: 8.8, EPSS: 0.00477
Exploits: 3, References: 4

NVD
added 2026/06/18 2:17 p.m., 12 views

CVE-2026-54223

UBB.threads is vulnerable to path traversal, allowing attackers with the privilege to edit templates to read and write any file on the application's server that the application has privileges to, which results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability...

CVSS: 8.6, EPSS: 0.00628
Exploits: 0, References: 2

OSV
added 2026/06/18 1:52 p.m., 4 views

GHSA-XQXV-4JC2-X56X ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

CVSS: 7.4, AI score: 6
Exploits: 0, References: 5

OSV
added 2026/06/18 1:28 p.m., 4 views

MINI-C6P5-QW5R-FM4X

Bulletin has no description...

CVSS: 9.8, AI score: 6.2, EPSS: 0.03571
Exploits: 1

Snyk
added 2026/06/18 1:15 p.m., 4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the MagicYUV decoder process in the libavcodec library. An attacker can cause a denial of service or potentially execute arbitrary code by submitting a specially crafted file that triggers an odd sliceheight valu...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00477
Exploits: 3, References: 2

Github Security Blog
added 2026/06/18 1:5 p.m., 7 views

piscina: Prototype Pollution Gadget → RCE via inherited options.filename

Summary piscina's constructor and run paths read the filename option via plain member access: js // dist/index.js line 92 constructor const filename = options.filename ? 0, common1.maybeFileURLToPathoptions.filename : null; this.options = ...kDefaultOptions, ...options, filename, maxQueue: 0 ; //...

CVSS: 8.1, AI score: 5.4, EPSS: 0.00296
Exploits: 0, References: 2, Affected Software: 1