
1366 matches found

Positive Technologies
added 2026/01/25 12:0 a.m., 7 views

PT-2026-4692

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 6.2, EPSS: 0.00098
Exploits: 0, References: 3
Positive Technologies
added 2026/01/25 12:0 a.m., 3 views

PT-2026-4708

In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

AI score: 6.2, EPSS: 0.00103
Exploits: 0, References: 3
Positive Technologies
added 2026/01/25 12:0 a.m., 7 views

PT-2026-4712

Name of the Vulnerable Software and Affected Versions: Chromium (affected versions not specified). Description: An integer overflow in multiple functions within ubsan throwing runtime.cpp can cause a UBSan failure. This issue may lead to a remote denial of service without requiring additional executio...

AI score: 6, EPSS: 0.00253
Exploits: 0, References: 4
RedhatCVE
added 2026/01/24 3:18 p.m., 8 views

CVE-2026-24632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS. This issue affects Delay Redirects: from n/a through <= 1.0.0...

CVSS: 5.9, AI score: 5.4, EPSS: 0.0014
Exploits: 0, References: 1
NVD
added 2026/01/23 3:16 p.m., 7 views

CVE-2026-24632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS. This issue affects Delay Redirects: from n/a through <= 1.0.0...

CVSS: 5.9, EPSS: 0.0014
Exploits: 0, References: 1
NVD
added 2026/01/23 3:16 p.m., 6 views

CVE-2025-71156

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration. Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause...

CVSS: 7.8, EPSS: 0.00119
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/23 2:29 p.m., 3 views

CVE-2026-24632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS. This issue affects Delay Redirects: from n/a through <= 1.0.0...

CVSS: 5.9, AI score: 5.9, EPSS: 0.0014
Exploits: 0, References: 2
CVE
added 2026/01/23 2:29 p.m., 12 views

CVE-2026-24632

CVE-2026-24632 describes a DOM-Based XSS in the WordPress plugin Delay Redirects prior to 1.0.0, caused by improper input neutralization during web-page generation. The issue affects Delay Redirects

CVSS: 5.9, AI score: 5.4, EPSS: 0.0014
Exploits: 0, References: 1
Cvelist
added 2026/01/23 2:29 p.m., 28 views

CVE-2026-24632 WordPress Delay Redirects plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS. This issue affects Delay Redirects: from n/a through <= 1.0.0...

CVSS: 5.9, EPSS: 0.0014
Exploits: 0, References: 1
Vulnrichment
added 2026/01/23 2:29 p.m., 5 views

CVE-2026-24632 WordPress Delay Redirects plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS. This issue affects Delay Redirects: from n/a through <= 1.0.0...

CVSS: 5.9, AI score: 5.4, EPSS: 0.0014
Exploits: 0, References: 1
CNNVD
added 2026/01/23 12:0 a.m., 8 views

WordPress plugin Delay Redirects has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS: 5.9, AI score: 5.6, EPSS: 0.0014
Exploits: 0, References: 1
Positive Technologies
added 2026/01/23 12:0 a.m., 9 views

PT-2026-4462

Name of the Vulnerable Software and Affected Versions: Delay Redirects versions through 1.0.0. Description: Delay Redirects is susceptible to a DOM-Based Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for potential malicious code...

CVSS: 5.9, AI score: 5.8, EPSS: 0.0014
Exploits: 0, References: 4
RedhatCVE
added 2026/01/22 11:24 p.m., 8 views

CVE-2026-23996

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...

CVSS: 3.7, AI score: 5.6, EPSS: 0.00254
Exploits: 0, References: 1
OSV
added 2026/01/22 9:15 p.m., 8 views

SUSE-SU-2026:0263-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255576. -...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00465
Exploits: 2, References: 832
Tenable Nessus
added 2026/01/22 12:0 a.m., 6 views

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27047)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27047 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phygetinternaldela...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00281
Exploits: 0, References: 2
NVD
added 2026/01/21 11:15 p.m., 7 views

CVE-2026-23996

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...

CVSS: 3.7, EPSS: 0.00254
Exploits: 0, References: 3
OSV
added 2026/01/21 10:29 p.m., 8 views

CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...

CVSS: 3.7, AI score: 5.7, EPSS: 0.00254
Exploits: 0, References: 5
CVE
added 2026/01/21 10:29 p.m., 17 views

CVE-2026-23996

CVE-2026-23996 concerns the FastAPI Api Key library. Version 1.1.0 is reported to expose a timing side-channel in verify_key(), where a random delay is applied only on verification failures. This enables an attacker to statistically distinguish valid from invalid API keys by measuring response la...

CVSS: 3.7, AI score: 5.6, EPSS: 0.00254
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/01/21 10:29 p.m., 6 views

CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...

CVSS: 3.7, AI score: 5.6, EPSS: 0.00254
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/21 10:29 p.m., 4 views

CVE-2026-23996

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...

CVSS: 3.7, AI score: 5.4, EPSS: 0.00254
Exploits: 0, References: 4, Affected Software: 1