Lucene search
K

9204 matches found

RedhatCVE
RedhatCVE
added 2026/04/01 1:18 p.m.2 views

CVE-2026-35091

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

8.2CVSS5.9AI score0.00867EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/01 7:21 a.m.3 views

CVE-2026-33987

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A memory corruption vulnerability exists in the persistent cache handling. If a memory reallocation fails, an internal size variable is incorrectly updated, while the data pointer still refers to the original,...

7.8CVSS6.1AI score0.001EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/31 11:49 p.m.1 views

Inefficient Algorithmic Complexity

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the GraphQL query complexity validation process. An attacker can cause the Node.js eve...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 9:16 p.m.6 views

CVE-2026-34613

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS0.00201EPSS
Exploits1References1
OSV
OSV
added 2026/03/31 8:45 p.m.9 views

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS5.9AI score0.00201EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 8:45 p.m.29 views

CVE-2026-34613

The CVE affects WWBN AVideo (versions 26.0 and earlier). The endpoint objects/pluginSwitch.json.php lets an admin enable/disable plugins without validating a CSRF token, and the plugin list is exempt from ORM-level Referer/Origin checks via ignoreTableSecurityCheck(), bypassing domain validation ...

6.5CVSS5.9AI score0.00201EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 8:45 p.m.2 views

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS5.9AI score0.00201EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:45 p.m.2 views

CVE-2026-34613

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS5.9AI score0.00201EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/31 8:45 p.m.24 views

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS0.00201EPSS
Exploits1References1
OSV
OSV
added 2026/03/31 4:16 p.m.5 views

ALPINE-CVE-2026-34235

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

9.1CVSS5.3AI score0.00405EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 4:16 p.m.2 views

CVE-2026-34235

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

9.1CVSS0.00405EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 3:36 p.m.16 views

CVE-2026-34235

CVE-2026-34235 affects the PJSIP library (C) prior to version 2.17, where the VP9 RTP unpacketizer has a heap out-of-bounds read when parsing crafted VP9 SS data. The vulnerability stems from insufficient bounds checking on the payload descriptor length, causing reads beyond the RTP payload buffe...

9.1CVSS5.8AI score0.00405EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/31 3:36 p.m.4 views

EUVD-2026-17494

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

6.9CVSS5.8AI score0.00405EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29286

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

9.1CVSS5.8AI score0.00405EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29359

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS5.9AI score0.00201EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/03/30 9:17 a.m.4 views

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: mgr-push: Version 5.2.3-0 Disable build for SLES 16 rhnlib: Version 5.2.4-0 Disable build for SLES 16 spacecmd: Version 5.2.6-0 Update translation strings spacewalk-client-tools: Version 5.2.4-0 Disable build for SLES 16 uyuni-common-libs: Version 5.2.3-0...

8.7CVSS6.7AI score0.00407EPSS
Exploits0References28
OSV
OSV
added 2026/03/30 9:16 a.m.2 views

SUSE-SU-2026:1142-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: mgr-push: - Version 5.2.3-0 Disable build for SLES 16 rhnlib: - Version 5.2.4-0 Disable build for SLES 16 spacecmd: - Version 5.2.6-0 Update translation strings spacewalk-client-tools: - Version 5.2.4-0 Disable build for SLES 16 uyuni-common-libs: - Version...

7.8CVSS5.9AI score0.00407EPSS
Exploits0References11
SUSE Linux
SUSE Linux
added 2026/03/30 9:16 a.m.4 views

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: mgr-push: Version 5.2.3-0 Disable build for SLES 16 rhnlib: Version 5.2.4-0 Disable build for SLES 16 spacecmd: Version 5.2.6-0 Update translation strings spacewalk-client-tools: Version 5.2.4-0 Disable build for SLES 16 uyuni-common-libs: Version 5.2.3-0...

8.7CVSS6.7AI score0.00407EPSS
Exploits0References22
Oracle linux
Oracle linux
added 2026/03/30 12:0 a.m.9 views

kernel security update

4.18.0-553.115.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

7.8CVSS6.8AI score0.00253EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/03/30 12:0 a.m.7 views

kernel security update

6.12.0-124.47.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

7.8CVSS5.9AI score0.00812EPSS
Exploits1
Rows per page
Query Builder