
73993 matches found

Snyk
added 2026/03/27 1:23 a.m. | 2 views

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8 CVSS | 5.9 AI score | 0.00062 EPSS
Exploits: 0 | References: 3
Snyk
added 2026/03/27 1:23 a.m. | 1 views

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8 CVSS | 5.9 AI score | 0.00062 EPSS
Exploits: 0 | References: 3
Snyk
added 2026/03/27 1:23 a.m. | 3 views

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8 CVSS | 5.9 AI score | 0.00062 EPSS
Exploits: 0 | References: 3
Fedora
added 2026/03/27 1:18 a.m. | 13 views

[SECURITY] Fedora 43 Update: pyOpenSSL-26.0.0-1.fc43

High-level wrapper around a subset of the OpenSSL library, includes among others: SSL.Connection objects, wrapping the methods of Python's portable sockets; callbacks written in Python; an extensive error-handling mechanism, mirroring OpenSSL's error codes...

9.8 CVSS | 5.8 AI score | 0.00704 EPSS
Exploits: 0
SUSE CVE
added 2026/03/27 12:29 a.m. | 4 views

SUSE CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

6.1 CVSS | 6 AI score | 0.00634 EPSS
Exploits: 1 | References: 6
Amazon
added 2026/03/27 12:0 a.m. | 37 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs. CVE-2025-71225. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent...

8.8 CVSS | 5.7 AI score | 0.00344 EPSS
Exploits: 6
CNNVD
added 2026/03/27 12:0 a.m. | 7 views

Fleet Security Vulnerability

Fleet is an open source device management platform from Fleet Device Management that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...

8.8 CVSS | 5.8 AI score | 0.00315 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/27 12:0 a.m. | 6 views

PT-2026-28312

Name of the Vulnerable Software and Affected Versions: Coverity Connect (affected versions not specified). Description: The authentication logic in the command line tooling for Coverity Connect is missing an error handler, leading to a potential authentication bypass. An attacker with access to the...

9.3 CVSS | 5.9 AI score | 0.00478 EPSS
Exploits: 0 | References: 6
Amazon
added 2026/03/27 12:0 a.m. | 7 views

Medium: freetype

Issue Overview: An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. CVE-2026-23865...

5.3 CVSS | 5.9 AI score | 0.00141 EPSS
Exploits: 0
Positive Technologies
added 2026/03/27 12:0 a.m. | 8 views

PT-2026-28568

Name of the Vulnerable Software and Affected Versions: ecdsa versions prior to 0.19.2. Description: The ecdsa package, a Python implementation of ECC, contains a flaw in its DER parsing functions. Specifically, ecdsa.der.remove_octet_string incorrectly accepts truncated DER data where the declared...

5.3 CVSS | 6 AI score | 0.00476 EPSS
Exploits: 2 | References: 116
CNNVD
added 2026/03/27 12:0 a.m. | 6 views

handlebars Code Issue Vulnerability

Handlebars is a semantic web template system. Versions of Handlebars 4.7.8 and earlier have a code vulnerability that arises when templates contain unregistered decorator references, leading to an unhandled TypeError. This can cause Node.js processes to crash, resulting in a denial-of-service...

7.5 CVSS | 7.2 AI score | 0.00602 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/03/27 12:0 a.m. | 9 views

brace-expansion Resource Management Error Vulnerability

Brace-expansion is a JavaScript brace expansion library developed by Julian Gruber. Versions prior to 5.0.5, 3.0.2, 2.0.3, and 1.1.13 contained a resource management error vulnerability. This vulnerability stemmed from a brace pattern where the step length was zero, causing the sequence generation t...

7.5 CVSS | 6.2 AI score | 0.0043 EPSS
Exploits: 0 | References: 10
RedhatCVE
added 2026/03/26 11:3 p.m. | 5 views

CVE-2026-2484

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages...

4.3 CVSS | 5.8 AI score | 0.00284 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2026/03/26 10:56 p.m. | 128 views

Exploit for CVE-2026-29971

CVE-2026-29971 An attacker can execute arbitrary JavaScript in...

5.9 AI score | 0.00299 EPSS
Exploits: 3
Snyk
added 2026/03/26 8:33 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the OIDC authentication error message handling process. An attacker can execute arbitrary JavaScript in the context of the user's browser by crafting a malicious input that is reflected in the error message...

9.6 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits: 0 | References: 3
Snyk
added 2026/03/26 8:33 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: github.com/ory/hydra/oauth2 is an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the error_hint parameter. An attacker can execute arbitrary JavaScript in the context of the user's...

6.1 CVSS | 5.9 AI score | 0.01322 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/26 8:33 p.m. | 5 views

GO-2026-4861 Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra

Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

6.1 CVSS | 5.9 AI score | 0.01322 EPSS
Exploits: 1 | References: 7