Lucene search
K

32 matches found

NVD
NVD
added 2026/03/19 10:16 p.m.4 views

CVE-2026-32031

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...

6.5CVSS0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-7316

Malware in sbrugna...

4.3CVSS6.7AI score0.02303EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/03/20 7:34 a.m.4 views

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

8.1CVSS7.3AI score0.89472EPSS
Exploits10References7
RedHat Linux
RedHat Linux
added 2025/02/20 5:27 p.m.4 views

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

8.1CVSS7.3AI score0.89472EPSS
Exploits10References7
RedHat Linux
RedHat Linux
added 2025/02/20 3:48 p.m.5 views

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

8.1CVSS7.3AI score0.89472EPSS
Exploits10References7
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 9:25 a.m.34 views

Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Process Mining . CVE-2023-38325

Summary There is a vulnerability in Python Cryptographic Authority cryptography that could allow a remote authenticated attacker to launch attacks on the system . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerabili...

7.5CVSS7.2AI score0.00613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 11:49 p.m.27 views

Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Python Cryptographic Authority package [CVE-2023-38325]

Summary The Python Cryptographic Authority package is used by the z/TPF real-time insights dashboard starter kit when connecting to a MySQL database from Python. The starter kit was updated to address the vulnerability described by CVE-2023-38325. Vulnerability Details CVEID:CVE-2023-38325...

7.5CVSS7.3AI score0.00613EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.3 views

SUSE CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

3.1CVSS7.9AI score0.02303EPSS
Exploits0References4
OSV
OSV
added 2017/12/11 9:29 p.m.6 views

ALPINE-CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

3.1CVSS9.1AI score0.02303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/12/11 12:0 a.m.9 views

PT-2017-14275 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: Node.js versions 8.X through 9.X Description: The issue arises when the encoding for the fill value does not match the encoding specified, causing buffers to not be initialized correctly. For example, 'Buffer.alloc0x100, "This is not correctl...

9.8CVSS7.9AI score0.95707EPSS
Exploits50References492
CNVD
CNVD
added 2017/05/15 12:0 a.m.4 views

Apache Traffic Server Denial of Service Vulnerability

Apache Traffic Server is scalable HTTP/1.1 compliant caching proxy server. A security vulnerability exists in Apache Traffic Server versions prior to 6.2.1. It allows an attacker to cause a denial of service due to improper matching between content length and block encoding...

6.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2008/07/07 11:41 p.m.1 views

CVE-2008-2807

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file...

5CVSS5.6AI score0.0156EPSS
Exploits1References56
Rows per page
Query Builder