Lucene search
K

74033 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/25 8:36 p.m.3 views

CVE-2026-2484

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 8:36 p.m.3 views

CVE-2026-2484 IBM InfoSphere Information Server Information Disclosure

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/25 8:8 p.m.16 views

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

4.3CVSS5.9AI score0.00469EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/03/25 8:8 p.m.2 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a...

6.5CVSS5.9AI score0.00469EPSS
Exploits1References2
OSV
OSV
added 2026/03/25 8:8 p.m.1 views

GHSA-48C2-RRV3-QJMP yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

4.3CVSS6AI score0.00469EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/25 7:53 p.m.6 views

EUVD-2026-14498

AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint...

5.3CVSS5.8AI score0.00278EPSS
Exploits1References3
OSV
OSV
added 2026/03/25 7:53 p.m.3 views

GHSA-M99F-MMVG-3XMX AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

Summary The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...

5.3CVSS5.9AI score0.00278EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2026/03/25 7:34 p.m.5 views

Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.150 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53781: smc: Fix use-after-free in tcpwritetimerhandl...

8.7CVSS6.7AI score0.00278EPSS
Exploits0References40
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15559

Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WPEstimationForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.3.0...

5.8AI score0.00377EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/25 6:24 p.m.2 views

CVE-2026-23296

A flaw was found in the Linux kernel's SCSI core. A reference count leak, a type of resource management issue, occurs when tearing down a SCSI host due to an error in the tagsetrefcnt mechanism. This can cause the system to hang, leading to a Denial of Service DoS for the affected system...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/25 6:13 p.m.3 views

CVE-2026-23284

A flaw was found in the Linux kernel's mtkethsoc driver. This vulnerability occurs when an error in the mtkopen routine within mtkxdpsetup leads to an incorrect reset of the eBPF Extended Berkeley Packet Filter program pointer without properly decreasing its reference count. This improper resourc...

5.7AI score0.00123EPSS
Exploits0References4
OSV
OSV
added 2026/03/25 6:10 p.m.5 views

SUSE-SU-2026:20945-1 Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: - CVE-2025-40214: afunix: Initialise sccindex in unixaddedge bsc1255052. - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. -...

5.5CVSS6.5AI score0.00176EPSS
Exploits0References17
SUSE Linux
SUSE Linux
added 2026/03/25 5:54 p.m.3 views

Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.266 fixes various security issues The following security issues were fixed: CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant...

8.7CVSS6.7AI score0.00278EPSS
Exploits0References36
Github Security Blog
Github Security Blog
added 2026/03/25 5:33 p.m.7 views

@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling

Impact JSON.parseenv.adapterConfig is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/25 5:33 p.m.4 views

GHSA-8G29-8XWR-QMHR @grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling

Impact JSON.parseenv.adapterConfig is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...

2.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/25 5:27 p.m.2 views

Origin Validation Error

Overview @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine Affected versions of this package are vulnerable to Origin Validation Error via the connection handler process. An attacker can gain unauthorized access to real-time...

7.1CVSS5.8AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/25 5:17 p.m.6 views

CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 5:15 p.m.3 views

Cross-site Scripting (XSS)

Overview @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine Affected versions of this package are vulnerable to Cross-site Scripting XSS via the renderPairingPage function. An attacker can inject malicious scripts into the rendere...

4.7CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2026/03/25 5:15 p.m.2 views

GHSA-7Q9X-8G6P-3X75 @grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template

Impact The renderPairingPage function embeds the error parameter directly into HTML without escaping: typescript const errorHtml = error ? $error : ""; All current call sites pass hardcoded strings, so this is not exploitable today. However, the function is architecturally fragile — if a future...

2.3CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/25 5:1 p.m.4 views

CVE-2026-23305

A flaw was found in the accel/rocket component of the Linux kernel. This vulnerability arises from improper error handling during the unwinding process in the rocketprobe function. When the rocketcoreinit function fails, the system does not correctly manage resources, leading to out-of-bounds...

5.7AI score0.00124EPSS
Exploits0References4
Rows per page
Query Builder