Lucene search
K

9204 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007420)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007420 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq'...

5.8AI score0.00171EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2026/04/17 12:0 a.m.7 views

nodejs:20 security update

nodejs 1:20.20.2-1 - Update to version 20.20.2 - Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-154018 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547 CVE-2026-21710 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves:...

8.7CVSS5.7AI score0.26356EPSS
Exploits5
SUSE CVE
SUSE CVE
added 2026/04/16 11:28 p.m.3 views

SUSE CVE-2026-33220

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS5.6AI score0.00323EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/16 10:34 p.m.9 views

EUVD-2026-23243

@fastify/static vulnerable to path traversal in directory listing...

5.3CVSS5.8AI score0.00506EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 10:16 p.m.4 views

ALPINE-CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.9AI score0.00776EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/04/16 9:34 p.m.8 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.7AI score0.00776EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/04/16 9:34 p.m.2 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.7AI score0.00776EPSS
Exploits1References9
Snyk
Snyk
added 2026/04/16 8:45 p.m.4 views

Server-side Request Forgery (SSRF)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl function in the webhook add-on. An attacker can access internal resources by supplying...

5.9CVSS5.7AI score0.00275EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 8:45 p.m.5 views

GHSA-F8HV-G549-HWG2 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

4.1CVSS5.8AI score0.00275EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/16 8:41 p.m.8 views

EUVD-2026-23000

Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository...

6.8CVSS5.9AI score0.00323EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.5 views

CVE-2026-33220

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 1:29 p.m.4 views

CVE-2026-6410

@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path function resolves directories outside the configured static root using path.join without a containment check. A remote unauthenticated attacker can obtain...

5.3CVSS5.9AI score0.00506EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/16 1:29 p.m.34 views

CVE-2026-6410 @fastify/static vulnerable to path traversal in directory listing

@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path function resolves directories outside the configured static root using path.join without a containment check. A remote unauthenticated attacker can obtain...

5.3CVSS0.00506EPSS
Exploits0References2
NVD
NVD
added 2026/04/16 10:16 a.m.5 views

CVE-2024-8010

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

7.5CVSS0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 a.m.2 views

CVE-2026-35032

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References1
PyPA
PyPA
added 2026/04/15 7:16 p.m.12 views

PYSEC-2026-156

Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...

4.1CVSS5.7AI score0.00275EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/15 7:16 p.m.7 views

PYSEC-2026-153

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS5.7AI score0.00323EPSS
Exploits0References2
PyPA
PyPA
added 2026/04/15 7:16 p.m.11 views

PYSEC-2026-153

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS5.7AI score0.00323EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/15 6:26 p.m.2 views

CVE-2026-39845 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...

4.1CVSS5.7AI score0.00275EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 6:26 p.m.17 views

CVE-2026-39845

Weblate (web-based localization tool) has a vulnerability in versions prior to 5.17 where the webhook add-on did not apply SSRF protections. The root cause is exposure via the webhook add-on’s fetch_url() path, enabling potential SSRF risks as described in the CVE entry. The issue is fixed in ver...

4.1CVSS5.7AI score0.00275EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder