73993 matches found

OSV
added 2026/03/26 8:33 p.m., 5 views

GO-2026-4861 Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra

Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

CVSS 6.1, AI score 5.9, EPSS 0.01322
Exploits 1, References 7
Cvelist
added 2026/03/26 8:10 p.m., 20 views

CVE-2026-4933 Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

EPSS 0.00232
Exploits 0, References 1
Github Security Blog
added 2026/03/26 7:50 p.m., 6 views

OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure

Summary Remote media HTTP error bodies were read without a hard size cap before failure handling, allowing unbounded allocation on error responses. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

CVSS 6.9, AI score 5.8, EPSS 0.0036
Exploits 0, References 6, Affected Software 1
OSV
added 2026/03/26 7:50 p.m., 2 views

GHSA-4QWC-C7G9-4XCW OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure

Summary Remote media HTTP error bodies were read without a hard size cap before failure handling, allowing unbounded allocation on error responses. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

CVSS 8.2, AI score 5.9, EPSS 0.0036
Exploits 0, References 6
ATTACKERKB
added 2026/03/26 7:49 p.m., 3 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 6.1, EPSS 0.00469
Exploits 1, References 5, Affected Software 1
Debian CVE
added 2026/03/26 7:49 p.m., 4 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 5.7, EPSS 0.00469
Exploits 1
OSV
added 2026/03/26 7:49 p.m., 6 views

CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 6.2, EPSS 0.00469
Exploits 1, References 6
RedHat Linux
added 2026/03/26 7:47 p.m., 6 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS 7.5, AI score 6.5, EPSS 0.00451
Exploits 2, References 8
NVD
added 2026/03/26 7:17 p.m., 4 views

CVE-2026-33148

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

CVSS 6.5, EPSS 0.00467
Exploits 1, References 1
ATTACKERKB
added 2026/03/26 7:04 p.m., 2 views

CVE-2026-33148

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

CVSS 6.5, AI score 5.8, EPSS 0.00467
Exploits 1, References 2, Affected Software 1
Github Security Blog
added 2026/03/26 6:37 p.m., 5 views

OpenBao has Reflected XSS in its OIDC authentication error message

Impact: OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed authentication. This allows an attacker access to the token used in the Web UI by a...

CVSS 9.6, AI score 5.8, EPSS 0.00287
Exploits 0, References 6, Affected Software 1
OSV
added 2026/03/26 6:37 p.m., 1 view

GHSA-CPJ3-3R2F-XJ59 OpenBao has Reflected XSS in its OIDC authentication error message

Impact: OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed authentication. This allows an attacker access to the token used in the Web UI by a...

CVSS 9.4, AI score 5.8, EPSS 0.00287
Exploits 0, References 6
vulnersOsv
added 2026/03/26 6:29 p.m., 6 views

@algolia/coquille (>=0.0.2 <=0.0.13), @candlelabs/sdk (>=1.0.1 <=1.0.2) +20 more potentially affected by CVE-2026-33750 via brace-expansion (>=1.1.0 <=1.1.11)

brace-expansion NPM version =1.1.0, =0.0.2, =1.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.1.1, =1.0.3-dev.20180316T104657Z.4a84a30, =1.1.0 and more Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...

CVSS 7.5, AI score 6.2, EPSS 0.0043
Exploits 0
Github Security Blog
added 2026/03/26 6:00 p.m., 7 views

libcrux Panics During Standalone MAC Operations

An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcrux_poly1305::mac to always panic with an out-of-bounds memory access. Impact: Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...

AI score 5.8
Exploits 0, References 3, Affected Software 1
ATTACKERKB
added 2026/03/26 5:17 p.m., 9 views

CVE-2026-33487

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

CVSS 7.5, AI score 5.9, EPSS 0.00299
Exploits 1, References 2, Affected Software 1
NVD
added 2026/03/26 5:16 p.m., 8 views

CVE-2026-29905

Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize function. When the system attempts to process this file for...

CVSS 6.5, EPSS 0.00445
Exploits 1, References 3
NVD
added 2026/03/26 5:16 p.m., 3 views

CVE-2026-26073

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is a powermeter public key update and EV session/error events while OCPP is not started. This results in a TSAN data race report and an ASAN/UBSAN...

CVSS 5.9, EPSS 0.00304
Exploits 0, References 1
CVE
added 2026/03/26 5:10 p.m., 15 views

CVE-2026-33481

Technical details about CVE-2026-33481 are not publicly provided in the connected documents. Monitor for updates; no affected products, versions, vectors, or remediation details are specified in the supplied materials.

CVSS 5.3, AI score 5.7, EPSS 0.00408
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/03/26 5:10 p.m., 32 views

CVE-2026-33481 Syft improper temporary file cleanup

Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

CVSS 5.3, EPSS 0.00408
Exploits 0, References 4
AlpineLinux
added 2026/03/26 5:10 p.m., 1 view

CVE-2026-33481

Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

CVSS 5.3, AI score 6.2, EPSS 0.00408
Exploits 0, References 4