
73991 matches found

CNNVD
added 2026/03/28 12:00 a.m. · 7 views

OpenUI Security Vulnerability

OpenUI is an open-source UI program developed by Weights & Biases. Versions of OpenUI 1.0 and earlier contain a security vulnerability caused by incorrect handling of parameter keys, potentially leading to information leakage through error messages...

CVSS 5.1 | AI score 5.8 | EPSS 0.00198
Exploits 0 | References 5
Tenable Nessus
added 2026/03/28 12:00 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocket_probe. When rocket_core_init fails, as could ...

CVSS 7.1 | AI score 5.7 | EPSS 0.00124
Exploits 0 | References 2
Tenable Nessus
added 2026/03/28 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23399

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nftables: nft_dynset: fix possible stateful expression memleak in error path. If cloning the second stateful expression in the element via GFP_ATOMIC fails, then t...

CVSS 5.5 | AI score 5.8 | EPSS 0.00121
Exploits 0 | References 4
EUVD
added 2026/03/27 10:21 p.m. · 6 views

EUVD-2026-16232

Kirby CMS has Persistent DoS via Malformed Image Upload...

CVSS 6.5 | AI score 5.9 | EPSS 0.00445
Exploits 1 | References 5
OSV
added 2026/03/27 10:21 p.m. · 19 views

GHSA-CW7V-45WM-MCF2 Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload

Duplicate Advisory. This advisory has been withdrawn because it has been determined not to be a vulnerability. This link is maintained to preserve external references. Original Description: Summary: Kirby CMS through version 5.1.4 allows an authenticated user with Editor permissions to cause a...

CVSS 6.5 | AI score 5.7 | EPSS 0.00445
Exploits 1 | References 6
Github Security Blog
added 2026/03/27 10:21 p.m. · 12 views

Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload

Duplicate Advisory. This advisory has been withdrawn because it has been determined not to be a vulnerability. This link is maintained to preserve external references. Original Description: Summary: Kirby CMS through version 5.1.4 allows an authenticated user with Editor permissions to cause a...

CVSS 6.5 | AI score 5.2 | EPSS 0.00445
Exploits 1 | References 7 | Affected software 1
Github Security Blog
added 2026/03/27 6:21 p.m. · 16 views

Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation

Summary: When a Handlebars template contains decorator syntax referencing an unregistered decorator, e.g. n, the compiled template calls lookupProperty(decorators, "n"), which returns undefined. The runtime then immediately invokes the result as a function, causing an unhandled TypeError: ... is not ...

CVSS 7.5 | AI score 6 | EPSS 0.00602
Exploits 1 | References 5 | Affected software 1
OSV
added 2026/03/27 6:04 p.m. · 0 views

SUSE-SU-2026:1136-1 Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.25 fixes various security issues. The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work (bsc#1255053). - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass...

CVSS 5.5 | AI score 6.5 | EPSS 0.00176
Exploits 0 | References 13
Snyk
added 2026/03/27 5:38 p.m. · 3 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error in the plugin privilege validation. An attacker can gain unauthorized access to sensitive plugin privileges by installing a malicious plugin that exploits the privilege comparison logic. - Remediation: Upgrade...

CVSS 8.4 | AI score 5.9 | EPSS 0.00387
Exploits 0 | References 2
RedhatCVE
added 2026/03/27 5:00 p.m. · 4 views

CVE-2026-33758

A flaw was found in OpenBao. Installations that have an OIDC/JWT authentication method enabled with a role configured to use callback_mode=direct are vulnerable to XSS via the error_description parameter on the page for a failed authentication. This allows an attacker to access the token used by an...

CVSS 9.6 | AI score 5.9 | EPSS 0.00287
Exploits 0 | References 7
Github Security Blog
added 2026/03/27 3:56 p.m. · 14 views

python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

Summary: An issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. 1. ecdsa.der.remove_octet_string accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 40...

CVSS 5.3 | AI score 5.8 | EPSS 0.00476
Exploits 1 | References 5 | Affected software 1
OSV
added 2026/03/27 3:29 p.m. · 2 views

GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary: An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message, including the server's absolute DATA_DIR path, is returned verbatim in the HTTP 400 response body, confirming information...

CVSS 4.3 | AI score 6 | EPSS 0.00427
Exploits 1 | References 4
NVD
added 2026/03/27 3:16 p.m. · 4 views

CVE-2026-33758

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed...

CVSS 9.6 | EPSS 0.00287
Exploits 0 | References 7
SUSE Linux
added 2026/03/27 2:21 p.m. · 1 view

Security update for redis

This update for redis fixes the following issue: a user can manipulate data read by a connection by injecting sequences into a Redis error reply (bsc#1258706). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

AI score 5.9
Exploits 0 | References 2
OSV
added 2026/03/27 2:21 p.m. · 1 view

SUSE-SU-2026:1122-1 Security update for redis

This update for redis fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply (bsc#1258706)...

AI score 5.9
Exploits 0 | References 2
Vulnrichment
added 2026/03/27 2:12 p.m. · 3 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed...

CVSS 9.4 | AI score 5.8 | EPSS 0.00287
Exploits 0 | References 4
Cvelist
added 2026/03/27 2:12 p.m. · 27 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed...

CVSS 9.4 | EPSS 0.00287
Exploits 0 | References 4
CVE
added 2026/03/27 2:12 p.m. · 17 views

CVE-2026-33758

CVE-2026-33758 affects OpenBao before 2.5.2. When OIDC/JWT auth is enabled and a role has callback_mode=direct, an XSS flaw exists in the error_description parameter during failed authentication, enabling access to the token used in the Web UI. The issue is fixed in v2.5.2; mitigation is to remov...

CVSS 9.6 | AI score 5.8 | EPSS 0.00287
Exploits 0 | References 7 | Affected software 1
OSV
added 2026/03/27 2:12 p.m. · 7 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed...

CVSS 9.4 | AI score 5.8 | EPSS 0.00287
Exploits 0 | References 6
OSV
added 2026/03/27 2:07 p.m. · 5 views

OESA-2026-1780 python-pyasn1 security update

Abstract Syntax Notation One (ASN.1) is a technology for exchanging structured data in a universally understood, hardware-agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure Python. Security Fixes: The pyasn1...

CVSS 7.5 | AI score 5.9 | EPSS 0.0058
Exploits 1 | References 2