Lucene search
K

947 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/07/07 7:24 a.m.3 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 2 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...

9.6CVSS6.8AI score0.00743EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2026/06/28 4:30 a.m.9 views

EUVD-2026-39982

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

6.3CVSS5.2AI score0.00189EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 4:30 a.m.35 views

CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

6.3CVSS0.00189EPSS
Exploits0References6
OSV
OSV
added 2026/06/24 9:39 p.m.2 views

SUSE-SU-2026:22271-1 Security update for python-idna

This update for python-idna fixes the following issue - CVE-2026-45409: specially crafted inputs to idna.encode can bypass earlier security fix bsc1265413...

6.9CVSS6.3AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:39 p.m.3 views

SUSE-SU-2026:22356-1 Security update for python-idna

This update for python-idna fixes the following issue - CVE-2026-45409: specially crafted inputs to idna.encode can bypass earlier security fix bsc1265413...

6.9CVSS6.3AI score0.00408EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 8:36 p.m.8 views

CVE-2026-54395 MISP UiBeta event index reflected XSS in advanced filter popup

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a...

5.3CVSS5.1AI score0.00256EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 2:57 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is...

6.3CVSS5.5AI score0.00351EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS5.7AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS5.4AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.5AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 12:17 p.m.31 views

CVE-2026-45928

CVE-2026-45928 relates to the Linux kernel media driver (chips-media wave5). In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is kzalloc()-ed; if the subsequent allocation for inst->codec_info fails, the error path returns -ENOMEM without freeing the previously allocated vpu, c...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/26 7:31 p.m.18 views

JLSEC-2026-533

In OpenJPEG 2.3.1, there is excessive iteration in the opjt1encodecblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616...

5.5CVSS6.7AI score0.02596EPSS
Exploits0References18
EUVD
EUVD
added 2026/05/22 5:27 p.m.43 views

EUVD-2026-30674

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set...

6.3CVSS5.8AI score0.00351EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/22 5:27 p.m.56 views

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00351EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/22 5:27 p.m.6 views

GHSA-Q8MJ-M7CP-5Q26 qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00351EPSS
Exploits0References4
Debian
Debian
added 2026/05/21 12:56 p.m.18 views

[SECURITY] [DLA 4593-1] openjpeg2 security update

Debian LTS Advisory DLA-4593-1 [email protected] https://www.debian.org/lts/security/ Jochen Sprickerhof May 21, 2026 https://wiki.debian.org/LTS Package : openjpeg2 Version : 2.4.0-3+deb11u3 CVE ID : CVE-2026-6192 A vulnerability was identified in uclouvain. This impacts the function...

4.8CVSS5.8AI score0.00112EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in hdf5

A buffer overflow in H5Olayoutencode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service through a crafted HDF5 file. This issue was triggered during the repacking of an HDF5 file, also known as “Invalid write of size 2.”...

6.5CVSS6.9AI score0.01348EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in exiv2

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service DOS by manipulating metadata...

7.5CVSS6.7AI score0.02555EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: Improved the bounds checking in decodemessage by copying the bounds checking from encodemessage to decodemessage. This patch addresses the following issues: - Ensure that there is enough space for at least one...

7.8CVSS5.4AI score0.00143EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ceph: The “use after free” error was detected by KASAN at the line cephbuffergetarg-xattrbuf;. This means that the reference count could not be incremented before the memory was freed. In the same file, in the handlecapgrant...

7.8CVSS6.2AI score0.00247EPSS
Exploits0References2
Rows per page
Query Builder