Lucene search
K

711 matches found

Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6333

Name of the Vulnerable Software and Affected Versions Blesta versions 3.x through 5.x before 5.13.3 Description The software does not properly validate input. This could allow for potential issues related to data handling. Recommendations Update to version 5.13.3 or later...

6.1CVSS5.4AI score0.00383EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2026/02/02 11:33 p.m.15 views

SageMaker Python SDK has Exposed HMAC

Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. Impact - Function and Payload...

8.5CVSS6.5AI score0.00455EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/02 6:47 a.m.7 views

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.5 views

EulerOS Virtualization 2.10.0 : libtasn1 (EulerOS-SA-2026-1179)

According to the versions of the libtasn1 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a...

5.3CVSS5.9AI score0.0107EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/30 10:15 p.m.8 views

CVE-2025-36428

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...

5.3CVSS5.4AI score0.003EPSS
Exploits0References2
OSV
OSV
added 2026/01/26 12:0 a.m.6 views

ALSA-2026:1088 Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References8
OSV
OSV
added 2026/01/26 12:0 a.m.8 views

ALSA-2026:1087 Important: python-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.9CVSS7.1AI score0.02667EPSS
Exploits0References8
OSV
OSV
added 2026/01/26 12:0 a.m.5 views

ALSA-2026:1224 Important: python3.11-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.9CVSS7.1AI score0.02667EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2026/01/26 12:0 a.m.7 views

Important: python-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2026/01/26 12:0 a.m.7 views

Important: python-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2026/01/26 12:0 a.m.7 views

Important: python3.11-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References8
OSV
OSV
added 2026/01/25 2:36 p.m.8 views

CVE-2026-22998 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and dataoffset validation in...

7.5CVSS5.3AI score0.0071EPSS
Exploits0References10
OSV
OSV
added 2026/01/18 12:18 a.m.9 views

OSV-2026-87 Security exception in org.apache.poi.util.IOUtils.safelyAllocate

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476184826 Crash type: Security exception Crash state: org.apache.poi.util.IOUtils.safelyAllocate org.apache.poi.ddf.EscherComplexProperty.ensureComplexData org.apache.poi.ddf.EscherComplexProperty.getComplexData...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/01/18 12:18 a.m.6 views

OSV-2026-86 Security exception in java.base/java.util.Arrays.copyOfRange

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476431399 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange org.apache.poi.util.IOUtils.safelyClone org.apache.poi.ddf.EscherBlipRecord.setPictureData...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 4 : kernel-2.6.32-696.16.1.el6 (AXSA:2017-2479:08)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2479:08 advisory. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking...

7.8CVSS7AI score0.20797EPSS
Exploits19References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004351 advisory. In the Linux kernel before 5.4.16, a race condition in tty-discdata handling in the slip and slcan line discipline could lead to a use-after-free, aka...

4.7CVSS6.4AI score0.00321EPSS
Exploits0References8
OSV
OSV
added 2026/01/15 5:32 p.m.2 views

SUSE-SU-2026:20088-1 Security update for erlang

This update for erlang fixes the following issues: Update the ssh component to the latest in the maint-27 branch. Security issues fixed: - CVE-2025-48040: ssh: overly tolerant handling of data received from unauthenticated users when processing key exchange messages may lead to excessive resource...

6.9CVSS5.8AI score0.00402EPSS
Exploits0References7
EUVD
EUVD
added 2026/01/14 9:46 p.m.6 views

EUVD-2026-2423

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling...

6.4AI score
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/14 12:0 a.m.10 views

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, this could...

7AI score
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.6 views

CVE-2023-25047

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3...

7.2CVSS7.8AI score0.0068EPSS
Exploits0References1
Rows per page
Query Builder