Lucene search

164 matches found

NVD
added 2026/06/23 6:18 p.m. | 8 views

CVE-2026-54022

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs b...

CVSS 5.3 | EPSS 0.00268
Exploits: 1 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in PHP 8.1, PHP 7.3

In PHP versions starting from 8.1. up to 8.1.32, and from 8.2. up to 8.2.28, and from 8.3. up to 8.3.19, as well as in PHP versions starting from 8.4. up to 8.4.5, headers that lack a colon : are treated as valid headers, even though they are not. This can cause applications to accept invalid...

CVSS 6.3 | AI score 6.5 | EPSS 0.00463
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Netty

HttpObjectDecoder.java in Netty before 4.1.44 allowed an HTTP header that lacked a colon. This could be interpreted as a separate header with incorrect syntax, or it could be interpreted as an “invalid fold”...

CVSS 9.1 | AI score 6.8 | EPSS 0.08678
Exploits: 1 | References: 1

Positive Technologies
added 2026/06/17 12:0 a.m. | 16 views

PT-2026-50593

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An authorization bypass exists in the ydoc:document:join Socket.IO handler. The handler only performs ownership checks when the document id variable starts with the prefix note: colon. However, t...

CVSS 5.3 | AI score 5.9 | EPSS 0.00268
Exploits: 1 | References: 7

EUVD
added 2026/06/10 6:32 p.m. | 8 views

EUVD-2026-36104

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow multiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the names...

CVSS 8.2 | AI score 5.4 | EPSS 0.00344
Exploits: 0 | References: 4

RedhatCVE
added 2026/06/05 7:46 p.m. | 9 views

CVE-2026-46741

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00262
Exploits: 0 | References: 1

NVD
added 2026/06/04 5:16 p.m. | 10 views

CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

CVSS 5.3 | EPSS 0.00258
Exploits: 0 | References: 3

EUVD
added 2026/05/26 10:48 p.m. | 11 views

EUVD-2026-32021

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...

CVSS 8.2 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 3

EUVD
added 2026/05/17 5:51 p.m. | 16 views

EUVD-2026-30706

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/17 12:0 a.m. | 13 views

PT-2026-41581

Name of the Vulnerable Software and Affected Versions Net::Statsd::Tiny versions prior to 0.3.8 Description Net::Statsd::Tiny for Perl allows metric injections because metric names and set values are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted source...

CVSS 8.2 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 11

EUVD
added 2026/05/16 1:37 p.m. | 11 views

EUVD-2026-30672

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 2

EUVD
added 2026/05/12 6:30 p.m. | 9 views

EUVD-2026-29543

YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...

AI score 6 | EPSS 0.00333
Exploits: 0 | References: 5

NVD
added 2026/05/12 5:16 p.m. | 16 views

CVE-2026-5089

YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...

CVSS 7.3 | EPSS 0.00333
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/12 4:14 p.m. | 10 views

CVE-2026-5089

YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...

AI score 6 | EPSS 0.00333
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/12 12:0 a.m. | 11 views

PT-2026-40106

Name of the Vulnerable Software and Affected Versions YAML::Syck versions prior to 1.38 Description An out-of-bounds read exists in the base60 sexagesimal parsing code within perl syck.h. Specifically, the intbase60 and floatbase60 handlers contain a buffer underflow bug. When processing the...

CVSS 7.3 | AI score 6 | EPSS 0.00333
Exploits: 0 | References: 21

Tenable Nessus
added 2026/05/11 12:0 a.m. | 9 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017791)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017791 advisory. HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or...

CVSS 9.1 | AI score 5.8 | EPSS 0.08678
Exploits: 1 | References: 4

Tenable Nessus
added 2026/04/29 12:0 a.m. | 7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015458)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015458 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string...

CVSS 7.5 | AI score 7.3 | EPSS 0.00851
Exploits: 1 | References: 4

Cvelist
added 2026/04/15 5:0 a.m. | 28 views

CVE-2026-5160

Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...

CVSS 6.1 | EPSS 0.00287
Exploits: 0 | References: 2

RedHat Linux
added 2026/02/10 8:28 p.m. | 4 views

php: Streams HTTP wrapper does not fail for headers with invalid name and no colon

A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon :, which may confuse applications into processing them as valid headers...

CVSS 6.3 | AI score 5.7 | EPSS 0.00463
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 4 : dhcp-4.1.1-63.P1.0.2.AXS4 (AXSA:2021-2027:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2027:03 advisory. dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient CVE-2021-25217 Tenab...

CVSS 7.4 | AI score 8.5 | EPSS 0.06118
Exploits: 1 | References: 2