Lucene search
K

56 matches found

OSV
OSV
added 2026/06/29 10:29 a.m.2 views

SUSE-SU-2026:22432-1 Security update for helm

This update for helm fixes the following issue - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation bsc1266598. Changes for helm: - update to 3.21.2: choredeps: bump the k8s-io group with 2 updates...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLES15 Security Update : google-osconfig-agent (SUSE-SU-2026:2611-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2611-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: Update google.golang.org/grpc dependency...

10CVSS6.6AI score0.01557EPSS
Exploits1References38
OSV
OSV
added 2026/06/21 12:45 a.m.5 views

SUSE-SU-2026:22305-1 Security update for helm

This update for helm fixes the following issue - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation bsc1266598. Changes for helm: - Update to version 3.21.1: Fixed nil pointer panic that could happen wi...

9.6CVSS6.5AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2026/06/21 12:45 a.m.3 views

SUSE-SU-2026:22233-1 Security update for helm

This update for helm fixes the following issue - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation bsc1266598. Changes for helm: - Update to version 3.21.1: Fixed nil pointer panic that could happen wi...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2026/06/21 12:44 a.m.3 views

OPENSUSE-SU-2026:20994-1 Security update for helm

This update for helm fixes the following issue - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation bsc1266598. Changes for helm: - Update to version 3.21.1: Fixed nil pointer panic that could happen wi...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 7:23 a.m.6 views

OPENSUSE-SU-2026:20948-1 Security update for enc

This update for enc fixes the following issues: Changes in enc: - CVE-2026-1229: Fix incorrect value bsc1265533 Bump circl to 1.6.3 - Update to 1.1.5: Update dependencies 10 - Update to 1.1.4: Update all dependencies 9...

9.8CVSS7.7AI score0.00397EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 11:50 a.m.7 views

OPENSUSE-SU-2026:20788-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

9.1CVSS6.7AI score0.01557EPSS
Exploits3References12
OSV
OSV
added 2026/05/20 6:8 p.m.6 views

DRUPAL-CORE-2026-004

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...

9.8CVSS6.4AI score0.84631EPSS
Exploits13References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.11 views

PT-2026-42361

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...

6.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : plexus-utils (SUSE-SU-2026:1396-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1396-1 advisory. This update for plexus-utils fixes the following issue: Security fixes: - CVE-2025-67030: directory...

8.8CVSS5.9AI score0.00663EPSS
Exploits0References4
OSV
OSV
added 2026/04/14 4:34 p.m.4 views

OPENSUSE-SU-2026:20579-1 Security update for gosec

This update for gosec fixes the following issues: Changes in gosec: - Update to version 2.25.0: choredeps: bump google.golang.org/grpc from 1.75.0 to 1.79.3 1617 fix: allow barry action to access secrets on fork PRs 1616 fix: reduce G117 false positives for custom marshalers and transformed value...

8.7CVSS5.9AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32735

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS5.9AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.11 views

Openapi to Java Records Mustache Templates 输入验证错误漏洞

Openapi to Java Records Mustache Templates is a record-generation tool developed by Christopher Molin. Versions of Openapi to Java Records Mustache Templates prior to 5.5.1 had a vulnerability related to input validation errors. This vulnerability stemmed from the possibility of the parent POM fi...

2.3CVSS6AI score0.00321EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.8 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2026:0777-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0777-1 advisory. Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065:...

7.5CVSS6AI score0.00533EPSS
Exploits4References28
OSV
OSV
added 2026/03/02 2:16 p.m.2 views

SUSE-SU-2026:20534-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update to version 0.2.8+116. Security issues fixed: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257908. Other updates and bugfixes: - Update vendored crates time to...

6.8CVSS6AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.10 views

PT-2026-20655

Name of the Vulnerable Software and Affected Versions Strimzi versions 0.49.0 through 0.50.0 Description Strimzi allows running an Apache Kafka cluster on Kubernetes or OpenShift. Versions 0.49.0 through 0.50.0 incorrectly configure trusted certificates for mTLS authentication when using a custom...

8.1CVSS5.5AI score0.00365EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.12 views

PT-2026-20654

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA Certificate Authority certificates is used in the trusted certificates configuration of a Kafka Connect opera...

5.9CVSS5.5AI score0.00184EPSS
Exploits0References4
OSV
OSV
added 2026/02/18 11:27 a.m.4 views

SUSE-SU-2026:20580-1 Security update for cockpit-repos

This update for cockpit-repos fixes the following issues: Update to version 4.7. Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257325. - CVE-2025-64718: js-yaml prototype pollution in merge bsc1255425...

8.2CVSS5.8AI score0.01535EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.5 views

Who Said CVE? How Vulnerability Identifiers Are Mentioned by Humans, Bots, and Agents in Pull Requests

Vulnerability identifiers such as CVE, CWE, and GHSA are standardised references to known software security issues, yet their use in practice is not well understood. This paper compares vulnerability ID use in GitHub pull requests authored by autonomous agents, bots, and human developers. Using t...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/31 12:0 a.m.4 views

Understanding Security Risks of AI Agents' Dependency Updates

Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct...

6.9AI score
Exploits0
Rows per page
Query Builder