Lucene search
K

73993 matches found

Cvelist
Cvelist
added 2026/03/27 2:12 p.m.27 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...

9.4CVSS0.00287EPSS
Exploits0References4
CVE
CVE
added 2026/03/27 2:12 p.m.17 views

CVE-2026-33758

CVE-2026-33758 affects OpenBao before 2.5.2. When OIDC/JWT auth is enabled and a role has callback_mode=direct, an XSS flaw exists in the error_description parameter during failed authentication, enabling access to the token used in the Web UI. The issue is fixed in v2.5.2; mitigation is to remov...

9.6CVSS5.8AI score0.00287EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/27 2:12 p.m.7 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...

9.4CVSS5.8AI score0.00287EPSS
Exploits0References6
OSV
OSV
added 2026/03/27 2:7 p.m.5 views

OESA-2026-1780 python-pyasn1 security update

Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...

7.5CVSS5.9AI score0.0058EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 2:7 p.m.7 views

OESA-2026-1773 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...

5.3CVSS4.8AI score0.00388EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 2:3 p.m.6 views

OESA-2026-1734 pyOpenSSL security update

pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...

9.8CVSS5.9AI score0.00704EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 1:30 p.m.7 views

CVE-2026-4340

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/27 11:39 a.m.6 views

CLSA-2026-1774611572 expat: Fix of CVE-2026-32778

CVE-2026-32778: fix NULL pointer dereference in setContext on retry after earlier out-of-memory...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/27 11:18 a.m.5 views

SUSE CVE-2019-16227

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS7.2AI score0.01963EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 2026/03/27 10:4 a.m.4 views

Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...

8.7CVSS6.4AI score0.00176EPSS
Exploits0References28
GithubExploit
GithubExploit
added 2026/03/27 9:5 a.m.137 views

sqli

SQL Injection Write-up 🧪 1. Průzkum Do vyhledávacího pole...

6AI score
Exploits0
OSV
OSV
added 2026/03/27 8:5 a.m.8 views

SUSE-SU-2026:1102-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues The following security issues were fixed: - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handleauthsessionkey bsc1255378. - CVE-2025-68285: libceph: fix potential use-after-free...

5.5CVSS5.9AI score0.00173EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.6 views

CVE-2026-29905

Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service DoS via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize function. When the system attempts to process this file for...

6.5CVSS5.8AI score0.00445EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 4:33 a.m.2 views

SUSE-SU-2026:1099-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. - CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References15
Snyk
Snyk
added 2026/03/27 1:23 a.m.2 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8CVSS5.9AI score0.00062EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 1:23 a.m.1 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8CVSS5.9AI score0.00062EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 1:23 a.m.1 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8CVSS5.9AI score0.00062EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 1:23 a.m.1 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8CVSS5.9AI score0.00062EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 1:23 a.m.1 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8CVSS5.9AI score0.00062EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 1:23 a.m.4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8CVSS5.9AI score0.00062EPSS
Exploits0References3
Rows per page
Query Builder