Lucene search
K

6339 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

RHEL 7 : perl-IO-Compress (RHSA-2026:30843)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30843 advisory. This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress...

7.8CVSS6.5AI score0.00292EPSS
Exploits3References4
OSV
OSV
added 2026/06/29 12:0 a.m.2 views

ALSA-2026:30860 Important: perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS6.2AI score0.00292EPSS
Exploits3References4
OSV
OSV
added 2026/06/29 12:0 a.m.4 views

ALSA-2026:30859 Important: perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS6.2AI score0.00292EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

RHEL 9 : perl-IO-Compress (RHSA-2026:30859)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30859 advisory. This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress...

7.8CVSS6.5AI score0.00292EPSS
Exploits3References4
NVD
NVD
added 2026/06/28 2:16 a.m.13 views

CVE-2026-58050

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...

8.3CVSS0.00333EPSS
Exploits0References3
NVD
NVD
added 2026/06/28 2:16 a.m.13 views

CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS0.0028EPSS
Exploits0References3
CVE
CVE
added 2026/06/28 1:32 a.m.38 views

CVE-2026-58051

CVE-2026-58051 affects libssh2 up to version 1.11.1. The vulnerability arises because libssh2 grows its publickey list using SSH2_REALLOC but does not zero-initialize the newly allocated entries before parsing populates them. If parsing fails and the code path cleans up, libssh2_publickey_list_fr...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.41 views

CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...

8.3CVSS0.00333EPSS
Exploits0References3
OSV
OSV
added 2026/06/27 2:32 a.m.4 views

MAL-2026-6544 Malicious code in chai-as-persisted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...

6AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/27 1:55 a.m.8 views

SUSE CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS5.8AI score0.00165EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/26 11:32 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/26 11:32 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/26 11:32 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 11:21 p.m.3 views

GHSA-4GXV-P5G5-J7W7 gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host

Summary A logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with 0o777 permissions. The bug is independent...

8.1CVSS5.8AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 11:18 p.m.11 views

EUVD-2026-39481

pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle...

7.5CVSS5.8AI score0.00118EPSS
Exploits1References5
OSV
OSV
added 2026/06/26 10:50 p.m.3 views

GHSA-8JGF-23Q5-X7XX ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass

Summary ExAws.SNS.verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that its host is an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to any endpoint that calls...

8.7CVSS6AI score0.00226EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 10:0 p.m.17 views

EUVD-2026-31694

Hackney has unbounded buffer accumulation in WebSocket...

8.7CVSS5.9AI score0.00825EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:41 p.m.8 views

Malicious code in @osmura/treeify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4643c1f27e4916ea6090f1e6196c980fa1d65b96899a80b1f57633eaf16a61a9 The package republishes the upstream treeify library Luke Plaster, repo notatestuser/treeify verbatim under the unrelated @osmura scope, preserving t...

5.9AI score
Exploits0References3
NVD
NVD
added 2026/06/26 9:16 p.m.8 views

CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8CVSS0.0036EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:21 p.m.7 views

CVE-2026-48778

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

7.8CVSS5.8AI score0.01314EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder