Lucene search
K

1469 matches found

OSV
OSV
added 2026/06/26 6:52 p.m.4 views

GHSA-4XG6-52MH-FPW8 Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}

Summary backend.createDependentVolumesFromBackup in internal/server/storage/backend.go contains a cluster of unguarded pointer derefs on every dependent-volume entry's VolumeSnapshotsi, Volume, and Pool sub-fields. An authenticated user with cancreateinstances permission on any project can crash...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 10:16 p.m.7 views

DEBIAN-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.5CVSS5.8AI score0.00104EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2026-10836

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising...

5.1CVSS0.00308EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-12330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird...

5.4CVSS6.1AI score0.00164EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 6:28 p.m.23 views

GHSA-J9GF-VW2F-9HRW Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation

Summary A configuration-dependent origin validation bypass was identified in Appsmith’s password reset and email verification flows on current release. Both flows derive the email-link base URL from the request Origin header. The current validation only enforces a trusted base URL when...

8.1CVSS5.6AI score
Exploits0References3
Snyk
Snyk
added 2026/06/09 6:33 p.m.8 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the certificate verification path, in the TLS client's OCSP stapling response handling. An attacker operating a malicious server can deliver an OCSP response via the statusrequest extension that corrupts heap memory and...

8.2CVSS7.2AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-46934

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...

7.1CVSS5.4AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 10:46 p.m.9 views

GHSA-QP9X-WP8F-QGJJ tuf has platform-dependent delegation path matching

DelegatedRole.istargetinpathpattern uses fnmatch.fnmatch to decide whether a given target path is authorized by a delegation's glob pattern. Python's fnmatch.fnmatch calls os.path.normcase on both arguments before matching. On POSIX hosts normcase is the identity function; on Windows hosts os.pat...

4CVSS5.8AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/28 4:50 p.m.11 views

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +749 more potentially affected by CVE-2026-48525 via pyjwt (>=2.0.0 <=2.12.1)

pyjwt PYPI version =2.0.0, =0.5.3, =0.0.1a0, =1.1.1, =0.1.0, =0.1.1, =0.1.31, =0.1.0, =1.5.0, =0.1.0, =0.2.9, =0.5.0, =1.89.5, =1.420.4 and more Source cves: CVE-2026-48525 Source advisory: SNYK:PYTHON-PYJWT-17053409...

5.3CVSS5.7AI score0.00288EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/05/26 3:53 a.m.26 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat 4.2.0: new RHEL 9 container image security update

New Red Hat build of Cryostat 4.2.0 on RHEL 9 container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.3AI score0.01735EPSS
Exploits3References17
vulnersOsv
vulnersOsv
added 2026/05/14 7:16 p.m.9 views

com.ritense.valtimo:audit (>=13.0.0.RELEASE <=13.22.0.RELEASE), com.ritense.valtimo:besluiten-api (>=13.0.0.RELEASE <=13.22.0.RELEASE) +49 more potentially affected by CVE-2026-42555 via com.ritense.valtimo:case (>=13.0.0.RELEASE <=13.22.0.RELEASE)

com.ritense.valtimo:case MAVEN version =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.13.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.10.0.RELEASE, =13.10.0.RELEASE, =13.0.0.RELEASE,...

9.1CVSS5.4AI score0.00576EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 8:2 p.m.11 views

@piksail/strapi-plugin-publish-coolify (=0.0.1), stronges (=0.1.1) +1 more potentially affected by CVE-2026-22706 via @strapi/plugin-users-permissions (>=5.11.0 <=5.30.0)

@strapi/plugin-users-permissions NPM version =5.11.0, =5.30.0 is affected by a known vulnerability. The following packages have a transitive dependency on @strapi/plugin-users-permissions and may be impacted: - @piksail/strapi-plugin-publish-coolify =0.0.1 - stronges =0.1.1 - test-lead =0.1.0...

6.5CVSS5.8AI score0.00272EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:31 p.m.9 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44798 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44798 Source advisory: SNYK:PYTHON-NAUTOBOT-16691141...

7.1CVSS5.8AI score0.00277EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:30 p.m.9 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44797 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44797 Source advisory: SNYK:PYTHON-NAUTOBOT-16691212...

8.5CVSS5.8AI score0.00235EPSS
Exploits0
CVE
CVE
added 2026/05/13 9:26 a.m.29 views

CVE-2026-4798

The connected sources confirm CVE-2026-4798 affects Avada Builder for WordPress

7.5CVSS5.9AI score0.00511EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/12 6:30 p.m.7 views

aait (>=1.0.4 <=1.0.5), adess (=1.0.0) +245 more potentially affected by CVE-2026-31235 via imgaug (>=0.2.5 <=0.4.0)

imgaug PYPI version =0.2.5, =1.0.4, =0.1.0, =0.10.0, =0.0.3.20, =0.1.0, =1.3.0, =0.5.0, =0.2.3, =0.3.2, =0.7.0.dev134, =0.1.4, =0.1.5 - arcoocr =1.0.1 - atlalign =0.6.2 - audio-snippets =0.0.1 and more Source cves: CVE-2026-31235 Source advisory: OSV:GHSA-G82G-J283-HJ97...

9.8CVSS5.5AI score0.00472EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.20 views

Still Camouflage, Moving Illusion: View-Induced Trajectory Manipulation in Autonomous Driving

Existing physical adversarial attacks on vision-based autonomous driving induce time-evolving perception errors, including biased object tracking or trajectory prediction, through i sophisticated physical patch inducing detection box drift when entering the view distance, or ii dynamically changi...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 2:42 p.m.12 views

0perator (>=0.1.0 <=0.3.0), 0pflow (>=0.1.0 <=0.1.0-dev.f5622ac) +1435 more potentially affected by CVE-2026-44902 via @opentelemetry/auto-instrumentations-node (>=0.16.0 <=0.74.0)

@opentelemetry/auto-instrumentations-node NPM version =0.16.0, =0.1.0, =0.1.0, =0.0.1, =0.8.0, =1.0.5, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.2.0, =0.2.0, =0.0.1, =0.3.4, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =5.0.1-staging.f17326334 and more Source cves: CVE-2026-44902...

7.5CVSS5.7AI score0.00455EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 2:28 p.m.6 views

bsky2llm (=0.1.0), downitall-android (=1.5.0) +14 more potentially affected by CVE-2026-44353 via streamlink (>=0.14.2 <=8.0.0)

streamlink PYPI version =0.14.2, =0.3.0, =0.0.1, =0.0.18, =1.0.0, =0.12.0, =0.1.14, =1.1.0, =0.0.1, =2.1.0, =3.4.0b2 - twitch-fapi-backend =0.1.0 and more Source cves: CVE-2026-44353 Source advisory: OSV:GHSA-HGQW-6M45-HW5F...

6.5CVSS5.4AI score0.00345EPSS
Exploits1
EUVD
EUVD
added 2026/05/08 3:31 p.m.11 views

EUVD-2026-28718

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads...

5.8AI score0.00123EPSS
Exploits0References7
Rows per page
Query Builder