Lucene search
K

954 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable...

4.3CVSS6.1AI score0.00128EPSS
Exploits1References3
Snyk
Snyk
added last week5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the toc process. An attacker can interfere with same-page navigation, CSS selectors, or JavaScript handlers by creating content with predictable id attributes that collide with...

5.3CVSS6.1AI score0.00128EPSS
Exploits1References2
OSV
OSV
added 2026/07/07 4:2 p.m.6 views

PYSEC-2026-1566 LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class

A vulnerability in the DocugamiReader class of the run-llama/llamaindex repository, up to but excluding version 0.12.41, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting ...

6.5CVSS5.9AI score0.00314EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/07/06 11:12 p.m.35 views

CVE-2026-53648 FOSSBilling: Downloadable product files can be overwritten through filename collisions

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 11:12 p.m.13 views

CVE-2026-53648

FOSSBilling prior to v0.8.1 stores downloadable product files with a deterministic path md5(), so files with identical names between different products/orders map to the same stored path and can be overwritten by later uploads. This leads to customers/admins downloading the wrong file. Version 0....

5.1CVSS5.9AI score0.00264EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard...

9.8CVSS6.2AI score0.00559EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:39 a.m.29 views

CVE-2026-53221

Linux kernel CVE-2026-53221 affects ip6_vti’s vti6_tnl_lookup() where, after an exact tunnel match fails, the fallback search for wildcard tunnels did not consistently verify that candidate tunnels actually have wildcard addresses. This mismatching happens because all tunnel types are stored in a...

9.8CVSS5.9AI score0.00559EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.29 views

CVE-2026-53221 ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remot...

9.8CVSS0.00559EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39312

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remot...

5.9AI score0.00559EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:23 p.m.4 views

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:28 p.m.10 views

CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/15 5:24 p.m.8 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a weak 32-bit hash in the HttpTransferCache. When a victim visits a crafted link containing the colliding parameter, the SSR process executes both the search request and the profile request. Due to the...

9.2CVSS5.9AI score0.0009EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 7:31 a.m.10 views

EUVD-2026-36216

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

8.7CVSS5.5AI score0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 7:31 a.m.30 views

CVE-2026-53901

CVE-2026-53901 affects Cerebrate, before v1.37, where the generic CRUD add path allowed mass assignment of attacker-controlled identifiers. The add() handler attempted to strip an id from $params prior to __massageInput() normalization, but a supplied id could still be present in the normalized i...

8.7CVSS5.5AI score0.00312EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 6:20 p.m.7 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in . If SharedIteratorCache and ListObjectsIteratorCache are enabled, a user can influence authorization decisions by sending malicious requests that trigger cache key collisions, causing t...

5.3CVSS5.3AI score0.00101EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

OpenFGA 数据伪造问题漏洞

OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.16.0 had a data manipulation vulnerability. This vulnerability arises from the possibility that two different check requests may generate the same cache key...

5.3CVSS5.2AI score0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:16 p.m.12 views

CVE-2023-29146

The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value 32-bit. Attackers could create a collidi...

8.2CVSS0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.10 views

PT-2026-48154

The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value 32-bit. Attackers could create a collidi...

5.5AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Malwarebytes EDR 输入验证错误漏洞

Malwarebytes EDR is a terminal detection and response platform provided by the American company Malwarebytes. Version 1.0.11 of Malwarebytes EDR contains a vulnerability related to input validation. This vulnerability arises from truncating data exceeding 4GB during computing hash calculations,...

8.2CVSS5.4AI score0.00123EPSS
Exploits0References2
Rows per page
Query Builder