Lucene search
K

36 matches found

Cvelist
Cvelist
added 2026/06/02 6:32 p.m.31 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS0.0015EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmwa...

7.1CVSS7.3AI score0.00126EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if t...

7.1CVSS7.3AI score0.00126EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/15 10:42 a.m.5 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/25 4:54 p.m.5 views

SUSE CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/03 5:21 p.m.6 views

Decidim's private data exports can lead to data leaks

Impact Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer currently 2025-09-23. This issue was discovered by running the following spec several times...

8.2CVSS5.5AI score0.00262EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2026/01/15 4:38 p.m.24 views

CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...

8.6CVSS0.00393EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/08 3:14 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a potential data leak CVE-2025-49574

Summary vert.x is used in KeyCloak which is used by the IBM Datapower Operations Dashboard for authentication and authorization Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to...

6.4CVSS6.4AI score0.0025EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/11/14 9:30 p.m.3 views

GHSA-JJ37-3377-M6VV Duplicate Advisory: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references. Original Description A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-0920

Malware in sbrugna...

7.5CVSS6.2AI score0.01175EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-19776

Malware in sbrugna...

9.1CVSS8.8AI score0.04941EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2019-2192

Malware in sbrugna...

4.3CVSS4.6AI score0.00716EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-4782

Malicious code in bioql PyPI...

6.7CVSS6.5AI score0.00234EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-49642

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00154EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-16308

Malicious code in bioql PyPI...

4.4CVSS4.8AI score0.00223EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/09/30 12:0 a.m.7 views

Amazon Linux 2023 : coreutils, coreutils-common, coreutils-single (ALAS2023-2025-1194)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1194 advisory. A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted...

4.4CVSS5.3AI score0.00223EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-0553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with...

7.5CVSS6.5AI score0.01614EPSS
Exploits1References2
CVE
CVE
added 2025/08/20 8:8 p.m.141 views

CVE-2025-54988

This CVE-2025-54988 vulnerability is an XXE in Apache Tika affecting tika-core/tika-pdf-module/tika-parsers, allowing XML External Entity injection via a crafted XFA PDF. The NVD entry covers Apache Tika 1.13–3.2.1 with a fix in 3.2.2; UAs may read sensitive data or trigger internal requests. Sev...

9.8CVSS7.1AI score0.02962EPSS
Exploits4References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-30682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS...

5.5CVSS6.7AI score0.01593EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/07/18 9:8 a.m.3 views

Security update for coreutils

This update for coreutils fixes the following issues: CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data bsc1243767 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

4.4CVSS5.1AI score0.00223EPSS
Exploits0References4
Rows per page
Query Builder