80 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Chromium

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. Chromium security severity: Low...

CVSS: 6.3, AI score: 6.9, EPSS: 0.0042
Exploits: 0, References: 2
NVD
added 2026/06/16 12:16 p.m., 10 views

CVE-2026-12225

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

CVSS: 8.7, EPSS: 0.00481
Exploits: 0, References: 5
RedHat Linux
added 2026/05/05 9:31 a.m., 7 views

corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00867
Exploits: 1, References: 5
Tenable Nessus
added 2026/04/22 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00731
Exploits: 0, References: 3
Positive Technologies
added 2026/01/07 12:0 a.m., 7 views

PT-2026-1964

Name of the Vulnerable Software and Affected Versions: MediaWiki - VisualData Extension version 1.45. Description: An inefficient regular expression complexity issue exists in the MediaWiki - VisualData Extension. This allows for a Regular Expression Exponential Blowup, potentially leading to a deni...

CVSS: 5.3, AI score: 6.3, EPSS: 0.0041
Exploits: 1, References: 8
RedhatCVE
added 2025/11/27 1:54 p.m., 13 views

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00147
Exploits: 0, References: 1
NVD
added 2025/11/21 7:15 a.m., 8 views

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

CVSS: 5.4, EPSS: 0.00147
Exploits: 0, References: 2
Cvelist
added 2025/11/21 6:17 a.m., 9 views

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

CVSS: 5.4, EPSS: 0.00147
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-0301

Malware in sbrugna...

CVSS: 7.5, AI score: 7.4, EPSS: 0.02205
Exploits: 1, References: 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2010-1181

Malware in sbrugna...

CVSS: 6, AI score: 6.1, EPSS: 0.01298
Exploits: 1, References: 14
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-2398

Malicious code in bioql PyPI...

CVSS: 8.2, AI score: 6.4, EPSS: 0.06762
Exploits: 1, References: 8
RedhatCVE
added 2025/05/23 3:19 a.m., 5 views

CVE-2023-23621

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....

CVSS: 8.6, AI score: 7.2, EPSS: 0.00868
Exploits: 0, References: 1
SUSE CVE
added 2025/04/20 11:23 p.m., 5 views

SUSE CVE-2017-12844

Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00784
Exploits: 1, References: 3
SUSE CVE
added 2025/03/14 2:57 a.m., 4 views

SUSE CVE-2025-25294

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00264
Exploits: 0, References: 2
Cvelist
added 2024/07/23 2:49 p.m., 29 views

CVE-2024-41655 TF2 Item Format Regular Expression Denial of Service vulnerability

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

CVSS: 7.5, EPSS: 0.00766
Exploits: 0, References: 3
BDU FSTEC
added 2023/11/10 12:0 a.m., 6 views

The vulnerability of the system administration programs Sudo-rs lies in insufficient validation of command arguments entered by users. This allows attackers to escalate their privileges by creating a specially crafted user name.

The vulnerability of the system administration programs Sudo-rs is related to insufficient checking of command arguments entered by users. Exploiting this vulnerability allows a malicious actor to enhance their privileges by creating a specially crafted user name...

CVSS: 9, AI score: 7.4, EPSS: 0.00571
Exploits: 0, References: 6, Affected Software: 2
RedHat Linux
added 2023/11/07 8:51 a.m., 6 views

curl: TELNET option IAC injection

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol that may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

CVSS: 9.8, AI score: 7.5, EPSS: 0.01993
Exploits: 1, References: 5
SUSE CVE
added 2023/09/28 1:45 a.m., 2 views

SUSE CVE-2023-5186

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: High...

CVSS: 8.8, AI score: 9.5, EPSS: 0.00956
Exploits: 0, References: 6
CNNVD
added 2023/09/28 12:0 a.m., 4 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser from Google, Inc USA. A resource management error vulnerability exists in Google Chrome prior to version 117.0.5938.132, which stems from the presence of a post-release reuse vulnerability that allows remote attackers to potentially exploit heap corruption via a...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00956
Exploits: 0, References: 8
Tenable Nessus
added 2023/07/25 12:0 a.m., 18 views

Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation (CVE-2019-1585)

A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00375
Exploits: 0, References: 3