Lucene search
+L

92 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53690

Name of the Vulnerable Software and Affected Versions CSS::Minifier::XS versions prior to 0.14 Description The minify function contains a memory leak that occurs when processing a document consisting entirely of characters intended for removal, such as whitespace and comments, resulting in the...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 10:32 p.m.4 views

GHSA-J748-H363-WQJ8 Authelia has an Edge Case Access Control Rule Mismatch

Impact CVSSv4 Baseline Score: Low 2.4 CVSSv4 Weighted Score: Low 1.3 The full CVSSv4 Vector for this vulnerability is: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:H/IR:L/AR:L/MAV:N/MAC:H/MAT:P/MPR:L/MVC:L/MVI:N/MVA:N/MSC:L/MSI:N/MSA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Amber...

2.3CVSS5.7AI score0.00283EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 10:32 p.m.13 views

EUVD-2026-38083

Authelia has an Edge Case Access Control Rule Mismatch...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52841

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A GPU shader compiler library contains a flaw where loading a web page with unusual GPU shader code can trigger an out-of-bounds write. This occurs during an edg...

7.7CVSS5.8AI score0.00118EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 8:23 p.m.68 views

CVE-2026-48794

CVE-2026-48794 affects Authelia (versions 4.36.0–4.39.19). A domain canonicalization edge case can cause an access control rule to be skipped when it should match a request, under very specific conditions involving forwarded authorization, multi-segment subdomains (e.g., a.b.example.com vs exampl...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 8:23 p.m.3 views

CVE-2026-48794 Authelia has an Edge Case Access Control Rule Mismatch

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS5.9AI score0.00283EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 8:23 p.m.27 views

CVE-2026-48794 Authelia has an Edge Case Access Control Rule Mismatch

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 10:28 a.m.8 views

BIT-NEO4J-2026-1524 Auth misconfiguration when multiple providers enabled

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

9.8CVSS5.8AI score0.00315EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.22 views

Astra Linux – Vulnerability in Tomcat9

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, or 7.0.0 to 7.0.107, the Tomcat instance was still vulnerable to CVE-2020-9494, even when using a configuration edge case that was highly unlikely to be used. It should be...

7CVSS6.7AI score0.09491EPSS
Exploits16References1
OSV
OSV
added 2026/05/19 4:18 p.m.18 views

GHSA-FHVH-VW7H-9XF3 libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

8.2CVSS5.8AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/19 4:18 p.m.51 views

libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

5.8AI score
Exploits0References5Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.14 views

SAGE: Scalable Automatic Gating Ensemble for Confident Negative Harvesting in Fraud Detection

Music streaming fraud, where bad actors artificially inflate stream counts to manipulate chart rankings and royalty payments, poses a significant threat to streaming services and legitimate content creators. Traditional fraud detection approaches struggle with a critical challenge: many legitimat...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/05 12:0 p.m.6 views

RUSTSEC-2026-0125 Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

8.2CVSS5.8AI score
Exploits0References5
RustSec
RustSec
added 2026/05/05 12:0 p.m.11 views

Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

5.8AI score
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 5:25 p.m.3 views

CVE-2026-34397

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

6.3CVSS5.8AI score0.00158EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29576

Name of the Vulnerable Software and Affected Versions Himmelblau versions 2.0.0-alpha through 2.3.8 and 3.0.0-alpha through 3.1.0 Description Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune, contains a conditional local privilege escalation issue due to an edge-case...

8.8CVSS5.9AI score0.00707EPSS
Exploits4References23
OSV
OSV
added 2026/03/11 4:16 p.m.3 views

CVE-2026-1524 Auth misconfiguration when multiple providers enabled

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

2.1CVSS6AI score0.00315EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/03/03 12:0 a.m.141 views

📄 libvips 8.19.0 VIPS Image Extraction Crash / Auditor

This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extractarea function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...

6AI score
Exploits0
OSV
OSV
added 2026/02/19 4:27 p.m.6 views

UBUNTU-CVE-2026-26345

SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...

8.6CVSS5.7AI score0.00169EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.11 views

MiracleLinux 7 : tomcat-7.0.76-16.0.1.el7.AXS7 (AXSA:2024-8731:12)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8731:12 advisory. Fix file path bug introduced by the CVE-2021-25329 fix CVEs: CVE-2021-25329 The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to...

7.5CVSS7.8AI score0.56636EPSS
Exploits16References2
Rows per page
Query Builder