Lucene search
+L

4259 matches found

CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

libvips 安全漏洞

libvips is an open-source fast image processing library with low memory requirements. Versions of libvips 8.18.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the handling of the parameter “n” in the file “libvips/deprecated/vips7compat.c”, which may lead to a heap...

5.3CVSS6.3AI score0.0016EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 10:28 p.m.3 views

GHSA-V9WW-2J6R-98Q6 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

Impact @fastify/middie v9.3.1 and earlier does not read the deprecated but still functional top-level ignoreDuplicateSlashes option, only reading from routerOptions. This creates a normalization gap: Fastify's router normalizes duplicate slashes but middie does not, allowing middleware bypass via...

7.4CVSS5.8AI score0.00278EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32937

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

7CVSS5.8AI score0.00687EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Unisys WebPerfect Image Suite 安全漏洞

Unisys WebPerfect Image Suite is an enterprise document imaging and management system developed by Unisys, Inc. Both versions of Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 contain security vulnerabilities. These vulnerabilities stem from the exposure of deprecated.NET Remotin...

10CVSS5.8AI score0.00687EPSS
Exploits1References3
HackRead
HackRead
added 2026/04/13 11:4 a.m.6 views

Why Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs

Ghost APIs are deprecated endpoints left active, exposing systems to attack. Learn how they differ from shadow APIs and why they create hidden security risks...

5.8AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/04/10 4:16 p.m.5 views

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

7.5CVSS5.8AI score0.00535EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/04/09 8:45 p.m.19 views

CVE-2026-5979

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched...

9CVSS7.7AI score0.0069EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/08 6:31 a.m.11 views

EUVD-2026-20060

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

9.8CVSS5.9AI score0.00521EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 6:16 a.m.4 views

CVE-2026-5082

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

5.3CVSS0.00405EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.4 views

CVE-2026-21380

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory...

7.8CVSS5.9AI score0.00075EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 6:33 p.m.4 views

EUVD-2026-19336

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory...

7.8CVSS5.9AI score0.00075EPSS
Exploits0References2
NVD
NVD
added 2026/04/06 4:16 p.m.4 views

CVE-2026-21380

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory...

7.8CVSS0.00075EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/06 3:33 p.m.3 views

CVE-2026-21380 Use After Free in DSP Service

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory...

7.8CVSS5.9AI score0.00075EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 3:33 p.m.36 views

CVE-2026-21380 Use After Free in DSP Service

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory...

7.8CVSS0.00075EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 3:33 p.m.30 views

CVE-2026-21380

CVE-2026-21380 involves memory corruption (use-after-free) in the DSP service when deprecated DMABUF IOCTL calls are used to manage video memory. Documents describe a local, low-privilege attack with no user interaction and high impact to confidentiality, integrity, and availability. Root cause i...

7.8CVSS5.9AI score0.00075EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/04 6:15 a.m.10 views

AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

Summary The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitco...

3.7CVSS5.9AI score0.00318EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.6 views

PT-2026-30333

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without authentication. The endpoint was intended as an AJAX polling helper for the authenticated...

3.7CVSS5.9AI score0.00318EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/31 11:27 p.m.7 views

SUSE CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

9.8CVSS5.9AI score0.00619EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/31 1:43 a.m.4 views

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

7.7CVSS5.9AI score0.00619EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.6 views

PT-2026-28594

Name of the Vulnerable Software and Affected Versions act versions prior to 0.2.86 Description act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which GitHub Actions disabled due to environment injection risks. When a workflow step echoes untrusted data ...

9.8CVSS6AI score0.60368EPSS
Exploits18References49
Rows per page
Query Builder