Lucene search
+L

444 matches found

CVE
CVE
added yesterday6 views

CVE-2026-62963

CVE-2026-62963 affects Centrifugo prior to 6.8.4. The unidirectional WebSocket transport with uni_websocket.compression enabled did not cap output after decompression in ReadMessage (internal/websocket/conn.go advanceFrame), allowing unauthenticated requests to /connection/uni_websocket to trigge...

8.7CVSS6.1AI score
Exploits0References4
OSV
OSV
added 3 days ago3 views

CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References5
CVE
CVE
added 3 days ago15 views

CVE-2026-49477

Soup Sieve (CSS selector engine used by Beautiful Soup 4) Before 2.8.4 contains a regular-expression backtracking bug in soupsieve/css_parser.py (VALUE pattern) that enables catastrophic backtracking on unterminated quoted attribute values, causing CPU exhaustion and potential DoS when compiling ...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.9 views

Podman 1.8.1 < 5.8.4 / 6.0.0 Host Environment Variable Leak (GHSA-4hq8-gpf5-8p68)

The version of Podman installed on the remote host is prior to 5.8.4 / 6.0.0. It is, therefore, affected by an information disclosure vulnerability. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a...

7.5CVSS6.2AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 8:25 p.m.1 views

GHSA-9X82-RM84-C6X7 DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN

Overview Remote Code Execution RCE is possible via Velocity Templates used by DSpace for COAR Notify/LDN messages. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. This attack is relate...

8CVSS6.2AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/08 9:57 a.m.5 views

Moderate: Red Hat Security Advisory: glibc security update

An update for glibc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

9.8CVSS6AI score0.00502EPSS
Exploits1References2
NVD
NVD
added 2026/07/06 8:16 a.m.7 views

CVE-2026-12083

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

8.1CVSS0.00295EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/06 6:39 a.m.8 views

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

7.6CVSS6AI score0.00813EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 6:0 a.m.35 views

CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

0.00295EPSS
Exploits0References1
Debian
Debian
added 2026/07/04 12:44 p.m.9 views

[SECURITY] [DSA 6377-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq -...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:57 p.m.7 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 6:20 p.m.7 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 7:43 a.m.7 views

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

10CVSS7.8AI score0.0168EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.8 views

GHSA-78MQ-XCR3-XM33 vulnerabilities

Vulnerabilities for packages: packer, reports-server, skaffold-fips, act, argocd-image-updater-fips, cilium-cli, commercial-grafana, guac, frankenphp-8.4, tekton-pipelines-fips, mattermost, argo-cd-fips, istio, prometheus, zarf-fips, flux-source-controller, grype-db, redpanda-console,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: drone, crossplane-provider-azure-servicelinker, docker-cli-buildx-fips, packer, reports-server, skaffold-fips, act, argocd-image-updater-fips, cilium-cli, mods, kargo, tflint-fips, commercial-grafana, guac, crossplane-provider-azure-network, frankenphp-8.4,...

5.3AI score
Exploits0
CVE
CVE
added 2026/06/26 4:29 p.m.26 views

CVE-2026-57231

CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in mapserver

MapServer is a system for developing web-based GIS applications. Prior to version 8.4.1, the XML Filter Query directive’s PropertyName was vulnerable to Boolean-based SQL injection. It seems that expression checking was bypassed by introducing double quote characters in PropertyName, allowing...

9.8CVSS7.2AI score0.00391EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/24 12:48 p.m.8 views

Moderate: Red Hat Security Advisory: libpng12 security update

An update for libpng12 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabili...

7.5CVSS6.8AI score0.01052EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

SUSE SLES12 Security Update : openssh8.4 (SUSE-SU-2026:2430-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2430-1 advisory. This update for openssh8.4 fixes the following issues - CVE-2026-3497: Information disclosure or denial of service due to uninitialized variabl...

8.2CVSS6.2AI score0.0218EPSS
Exploits0References14
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-42378

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

6.5CVSS0.0039EPSS
Exploits0References1
Rows per page
Query Builder