Lucene search
K

174 matches found

CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

OpenProject SQL注入漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.3 had a SQL injection vulnerability. This vulnerability stemmed from the use of the = operator, which directly embedded user input into the SQL WHERE clause, potentially allowing SQL injecti...

9.9CVSS5.9AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/29 3:19 p.m.8 views

EUVD-2026-16349

XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion...

5.9AI score0.00519EPSS
Exploits1References5
OSV
OSV
added 2026/03/29 3:19 p.m.5 views

GHSA-65XW-VW82-R86X XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion

Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

7.5CVSS5.9AI score0.00519EPSS
Exploits1References7
OSV
OSV
added 2026/03/26 8:16 p.m.2 views

DEBIAN-CVE-2026-32287

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

7.5CVSS6AI score0.00519EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/26 7:40 p.m.4 views

CVE-2026-32287 Infinite loop in github.com/antchfx/xpath

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

5.9AI score0.00519EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/03/24 12:0 a.m.10 views

What a Mesh: Formal Security Analysis of WPA3 SAE Wireless Authentication

The latest Wi-Fi security standard, IEEE 802.11, includes a secure authentication protocol called SAE, whose use is mandatory for WPA3-Personal networks. The protocol is specified at two separate but linked levels: a traditional cryptographic description of the communication logic between network...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25515

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and...

8.7CVSS5.8AI score0.01089EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.11 views

PT-2026-7920

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

8.8CVSS5.5AI score0.00308EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.8 views

Symfony < 5.4.51 / 6.4.x < 6.4.33 / 7.3.x < 7.3.11 / 7.4.x < 7.4.5 / 8.0.x < 8.0.5 Process Component Argument Injection (GHSA-r39x-jcww-82v6)

The version of Symfony installed on the remote host is prior to 5.4.51, or 6.4.x prior to 6.4.33, or 7.3.x prior to 7.3.11, or 7.4.x prior to 7.4.5, or 8.0.x prior to 8.0.5. It is, therefore, affected by an argument injection vulnerability in the Process component. The Symfony Process component d...

6.3CVSS5.9AI score0.00201EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/04 4:4 p.m.26 views

CVE-2025-71196 phy: stm32-usphyc: Fix off by one in probe()

In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe The "index" variable is used as an index into the usbphyc-phys array which has usbphyc-nphys elements. So if it is equal to usbphyc-nphys then it is one element out of bounds. The "index...

0.00173EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/31 12:0 a.m.7 views

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which may lead to PCP corruption when SMP=n is used...

7.8CVSS7AI score0.00184EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/28 8:25 p.m.7 views

CVE-2026-24739

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP i...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/28 8:25 p.m.3 views

CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP i...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/01/09 12:23 a.m.7 views

SUSE CVE-2026-21895

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

3.3CVSS6.9AI score0.00405EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/08 2:15 p.m.9 views

CVE-2026-21895

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

6.9CVSS5.9AI score0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/08 2:6 p.m.3 views

CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

6.9CVSS6.5AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2026/01/08 2:6 p.m.6 views

CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

6.9CVSS6.4AI score0.00405EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/08 2:6 p.m.5 views

EUVD-2026-1033

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

6.9CVSS6.3AI score0.00405EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/08 2:6 p.m.25 views

CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

6.9CVSS0.00405EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-21895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics...

6.9CVSS5.8AI score0.00405EPSS
Exploits0References4
Rows per page
Query Builder