Lucene search

29779 matches found

Tenable Nessus
added 2026/01/13 12:0 a.m. | 4 views

MiracleLinux 8 : thunderbird-128.14.0-3.el8_10.ML.1 (AXSA:2025-10810:21)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10810:21 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...

CVSS 9.8 | AI score 7.8 | EPSS 0.0053
Exploits: 0 | References: 6
Tenable Nessus
added 2026/01/13 12:0 a.m. | 4 views

MiracleLinux 8 : firefox-128.14.0-2.el8_10.ML.1 (AXSA:2025-10786:30)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10786:30 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...

CVSS 9.8 | AI score 7.8 | EPSS 0.0053
Exploits: 0 | References: 6
NVD
added 2026/01/12 11:15 p.m. | 4 views

CVE-2024-58339

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

CVSS 8.7 | EPSS 0.00568
Exploits: 1 | References: 4
Vulnrichment
added 2026/01/12 11:4 p.m. | 3 views

CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

CVSS 8.7 | AI score 7.1 | EPSS 0.00568
Exploits: 1 | References: 4
Cvelist
added 2026/01/12 11:4 p.m. | 19 views

CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

CVSS 8.7 | EPSS 0.00568
Exploits: 1 | References: 4
CVE
added 2026/01/12 11:4 p.m. | 21 views

CVE-2024-58339

Summary: CVE-2024-58339 affects LlamaIndex up to 0.12.2, due to an uncontrolled resource‑consumption path in the VannaQueryEngine. The vulnerable code is in llama_index/packs/vanna/base.py, inside custom_query(), where SQL is generated from a user‑supplied prompt and executed via vn.run_sql() wit...

CVSS 8.7 | AI score 7.1 | EPSS 0.00568
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/01/12 12:0 p.m. | 4 views

SUSE-SU-2026:20031-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551: CVE-2025-14321: Use-after-free in the WebRTC: Signaling component CVE-2025-14322: Sandbox escape...

CVSS 9.8 | AI score 5.8 | EPSS 0.00498
Exploits: 2 | References: 12
Debian CVE
added 2026/01/10 5:53 a.m. | 4 views

CVE-2026-22693

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at t...

CVSS 5.3 | AI score 5.3 | EPSS 0.00377
Exploits: 1
CVE
added 2026/01/10 5:53 a.m. | 51 views

CVE-2026-22693

HarfBuzz text shaping engine contains a null pointer dereference in SubtableUnicodesCache::create (src/hb-ot-cmap-table.hh) that occurs when hb_malloc returns NULL before a placement new, leading to undefined behavior/segfault on low memory. This affects versions prior to 12.3.0 and has been fixe...

CVSS 5.3 | AI score 6.7 | EPSS 0.00377
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/01/09 12:42 p.m. | 7 views

CVE-2023-25759

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...

CVSS 5.4 | AI score 7.2 | EPSS 0.00871
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:40 p.m. | 4 views

CVE-2023-43120

An issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request...

CVSS 8.8 | AI score 7.2 | EPSS 0.00715
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:37 p.m. | 6 views

CVE-2023-49322

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...

CVSS 7.5 | AI score 6.9 | EPSS 0.00701
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:36 p.m. | 11 views

CVE-2023-49652

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...

CVSS 2.7 | AI score 6.2 | EPSS 0.00531
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:24 p.m. | 11 views

CVE-2018-14777

An issue was discovered in DataLife Engine DLE through 13.0. An attacker can use XSS related to the /addnews.html and /index.php?do=addnews URIs to send a malicious script to unsuspecting Admins or users...

CVSS 5.4 | AI score 6 | EPSS 0.00653
Exploits: 3 | References: 1
RedhatCVE
added 2026/01/09 12:19 p.m. | 7 views

CVE-2018-10531

An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks...

CVSS 7.5 | AI score 6.9 | EPSS 0.01425
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 11:53 a.m. | 5 views

CVE-2009-4839

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE, possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/baseroleadmin.php, 2 admin/baseuseradmin.php, 3 baseconfcontents.php, 4...

CVSS 4.3 | AI score 6 | EPSS 0.01083
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 11:52 a.m. | 7 views

CVE-2009-4330

Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors...

CVSS 7.2 | AI score 6.5 | EPSS 0.00375
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 11:51 a.m. | 8 views

CVE-2009-4837

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 sig1 parameter to base/baseqrymain.php, or the time01 parameter to 2 base/basestatalerts.php or 3...

CVSS 4.3 | AI score 5.9 | EPSS 0.01097
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 11:49 a.m. | 7 views

CVE-2009-4838

SQL injection vulnerability in baseagcommon.php in Basic Analysis and Security Engine BASE before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information...

CVSS 7.5 | AI score 8.8 | EPSS 0.01087
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 11:29 a.m. | 8 views

CVE-2021-27408

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools Welch Allyn Service Tool: versions prior to v1.10, Welch Ally...

CVSS 7.5 | AI score 7.6 | EPSS 0.01687
Exploits: 0 | References: 1