Lucene search
K

211 matches found

OSV
OSV
added 2026/03/23 8:52 p.m.1 views

GHSA-CG4J-Q9V8-6V38 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...

6.9CVSS6.5AI score0.00498EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.7 views

PT-2026-27256

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The NumberToDelimitedConverter component utilizes a regular expression with gsub! to insert thousands...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References21
RubySec
RubySec
added 2026/03/23 12:0 a.m.13 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/22 3:16 a.m.6 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS0.00135EPSS
Exploits0References2
OSV
OSV
added 2026/03/22 3:16 a.m.2 views

DEBIAN-CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.3AI score0.00135EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/22 3:16 a.m.9 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.9AI score0.00135EPSS
Exploits0References3
OSV
OSV
added 2026/02/13 1:15 p.m.8 views

OESA-2026-1349 tinyxml2 security update

TinyXML-2 is a simple, small, efficient, C++ XML parser that can be easily integrated into other programs. TinyXML-2 parses an XML document, and builds from that a Document Object Model DOM that can be read, modified, and saved. Security Fixes: TinyXML2 through 10.0.0 has a reachable assertion fo...

6.5CVSS5.6AI score0.004EPSS
Exploits2References3
EUVD
EUVD
added 2026/01/22 4:52 p.m.5 views

EUVD-2026-4011

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through = 2.3.0...

5.4AI score0.00236EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : dhcp-4.3.6-44.el8.1 (AXSA:2021-2197:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2197:04 advisory. dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient CVE-2021-25217 Tenab...

7.4CVSS6AI score0.06118EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/02 6:30 p.m.3 views

EUVD-2026-0506

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.4 views

RockyLinux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:2763)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2763 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...

7.5CVSS7AI score0.03502EPSS
Exploits1References7
CVE
CVE
added 2025/12/16 9:20 a.m.19 views

CVE-2025-14002

CVE-2025-14002 — The WPCOM Member plugin for WordPress allows authentication bypass via brute force. Root cause: weak OTP generation (6 digits) with a 10-minute validity and no rate limiting on verification attempts. Impact: unauthenticated attackers can log in as any user (including admins) if t...

8.1CVSS6.2AI score0.00458EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/05 2:57 p.m.5 views

EUVD-2025-37768

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

9.8CVSS7.3AI score0.00817EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa – Mitigation of integer overflows in DIVROUNDUP. Herbert notes that DIVROUNDUP may cause unnecessary overflows if the -keysize callback of an ecdsa implementation returns an unusually large value. Instead, Herbert...

5.5CVSS6.2AI score0.00149EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/16 4:40 p.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the jsbigintfromstring function when parsing strings with an excessively large number of digits. An attacker can cause a heap out-of-bounds write by supplying a crafted string input that triggers an...

8.8CVSS5.9AI score0.00447EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2025/10/07 8:34 a.m.6 views

Discord warns users after data stolen in third-party breach

Popular social platform Discord has suffered a data breach—though technically, it wasn’t Discord itself that was hacked. A third-party customer support provider was compromised, allowing attackers to access Discord’s user data. Either way, it’s Discord users who feel the impact. The breach, which...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-21812

Malware in sbrugna...

4.6CVSS5AI score0.00409EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-6009

Malware in sbrugna...

7.5CVSS6.8AI score0.01397EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2022-53462

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.01166EPSS
Exploits0References3
Imperva Blog
Imperva Blog
added 2025/09/15 8:12 p.m.13 views

Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks

It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post, I’ll walk you through how old data leaks, lazy telecom verification, and a...

6.5AI score
Exploits0
Rows per page
Query Builder