Lucene search
+L

715 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:37 p.m.12 views

Security Bulletin:urllib3 Unbounded Decompression Chain Enables Denial of Service

Summary urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massiv...

8.9CVSS6.9AI score0.00633EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.5 views

RHCOS 4 : OpenShift Container Platform 4.13.41 (RHSA-2024:2049)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2049 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 - buildah: full container escape ...

8.6CVSS7AI score0.91969EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.12.57 (RHSA-2024:2784)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2784 advisory. - buildah: full container escape at build time CVE-2024-1753 - cri-o: Arbitrary command injection via pod annotation CVE-2024-3154 -...

8.6CVSS6.8AI score0.01956EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the amfnamfcallbackhandlesdmdatachangenotify function in the AMF...

5.3CVSS5.8AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 8:15 a.m.11 views

CVE-2024-54011

Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and...

6.5CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/04/28 6:51 a.m.18 views

CVE-2024-54011

Technical details about CVE-2024-54011 are not publicly available in the provided documents. Monitor for updates.

6.5CVSS5.4AI score0.0024EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.11 views

PT-2026-35673

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists in the camera system where it fails to properly handle data supplied in certain requests, leading to a service disruption. Recommendations At the...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.16 views

PT-2026-36157

🚨 CVE-2024-54011 Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report fo...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References6
OSV
OSV
added 2026/04/22 8:16 p.m.11 views

GHSA-J759-J44W-7FR8 xmldom has XML node injection through unvalidated comment serialization

Summary The package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output. --- Details The issue is in t...

8.7CVSS5.8AI score0.00365EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/22 5:44 p.m.10 views

Inspektor Gadget: Command Injection via malicious buildOptions manipulation

Impacted Resources inspektor-gadget/cmd/common/image/build.go inspektor-gadget/cmd/common/image/helpers/Makefile.build Description The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8CVSS6AI score0.01281EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the locale/save.php file, which directly concatenated $POSTflag to construct the file path witho...

8.7CVSS6.1AI score0.00656EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013356)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013356 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix more uncharged while msg has moredata In tcpbpfsendverdict, if msg has more dat...

5.5CVSS6.2AI score0.00253EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011194)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011194 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sockput when msg has moredata In tcpbpfsendverdict redirectio...

7.8CVSS5.9AI score0.00158EPSS
Exploits0References4
CVE
CVE
added 2026/04/15 6:35 p.m.29 views

CVE-2026-6245

CVE-2026-6245 affects the System Security Services Daemon (SSSD) PAM passkey responder. The pam_passkey_child_read_data() function mishandles raw bytes from a pipe, treating them as a NUL-terminated C string, causing an out-of-bounds read (Crash) and local DoS. Affected: SSSD PAM responder; vecto...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.6 views

MetaGPT 代码问题漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the improper handling of the imgurlorb64 parameter in the decodeimage function within the metagpt/utils/common.py file, which could...

6.5CVSS6.7AI score0.00263EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/11 12:12 a.m.6 views

CVE-2026-4149 Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

10CVSS6.3AI score0.00995EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 6:17 p.m.16 views

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the base64 decoder. An attacker can cause the processing of incomplete data by supplying base64-encoded input with additional data after the first padding character, which is...

6CVSS5.7AI score0.00188EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

WordPress plugin MStore API 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00226EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/03 10:6 p.m.14 views

CVE-2026-35388

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/03/29 8:2 a.m.7 views

LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

...

7.5CVSS5.8AI score0.01052EPSS
Exploits1
Rows per page
Query Builder