Hacker One
added 2026/03/22 4:52 a.m., 10 views

AWS VDP: Health check errors silently dropped when channel buffer full

Component: pkg/plugin/plugin.go:153-156, pkg/plugin/pluginv2.go:156-158. Affected version: aws-encryption-provider @ 4341c70, all versions. Found by: source audit. TLP: TLP:Amber --- Summary: When KMS operations fail, the error is sent to a buffered channel healthCheckErrc (size 100) via a non-blocking...

AI score 6
Exploits 0
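Added example, not the aws-encryption-provider's code: the bounded channel plus non-blocking send that the entry describes, beside a hardened reporter of this example's own design that keeps a sticky last error and a drop counter, so a full buffer can never hide KMS failures from the health check. The health-check semantics (drain the channel, reset after each check) and all type and function names are assumptions of the example.

```go
package main

import (
	"fmt"
	"sync"
)

// dropOnFull models the shape the entry describes (not the project's code):
// a bounded error channel fed by a non-blocking send. Once the buffer holds
// 100 unread errors, every further error hits the default branch and vanishes.
type dropOnFull struct{ errc chan error }

func newDropOnFull(size int) *dropOnFull {
	return &dropOnFull{errc: make(chan error, size)}
}

func (d *dropOnFull) Report(err error) {
	select {
	case d.errc <- err:
	default: // buffer full: the error is discarded and nothing records that
	}
}

// Drain returns what a health checker reading the channel would see.
func (d *dropOnFull) Drain() []error {
	var out []error
	for {
		select {
		case e := <-d.errc:
			out = append(out, e)
		default:
			return out
		}
	}
}

// stickyReporter is a hardened form (this example's design, not the upstream
// fix): the channel still carries individual errors, but the newest error and
// a count of drops are kept under a mutex, so a full buffer can never turn a
// failing KMS into a clean health check.
type stickyReporter struct {
	errc    chan error
	mu      sync.Mutex
	last    error
	dropped int
}

func newStickyReporter(size int) *stickyReporter {
	return &stickyReporter{errc: make(chan error, size)}
}

func (s *stickyReporter) Report(err error) {
	s.mu.Lock()
	s.last = err
	s.mu.Unlock()
	select {
	case s.errc <- err:
	default:
		s.mu.Lock()
		s.dropped++
		s.mu.Unlock()
	}
}

// Check is what the health endpoint consults: it drains the channel, returns
// the sticky state alongside it, and resets so the next check starts clean.
func (s *stickyReporter) Check() (errs []error, dropped int, last error) {
	for {
		select {
		case e := <-s.errc:
			errs = append(errs, e)
			continue
		default:
		}
		break // channel empty; this break leaves the for loop, not the select
	}
	s.mu.Lock()
	dropped, last = s.dropped, s.last
	s.dropped, s.last = 0, nil
	s.mu.Unlock()
	return errs, dropped, last
}

func main() {
	d := newDropOnFull(100)
	s := newStickyReporter(100)
	for i := 0; i < 150; i++ {
		err := fmt.Errorf("kms encrypt failed (%d)", i)
		d.Report(err)
		s.Report(err)
	}
	fmt.Printf("naive: health check sees %d errors; 50 were lost without trace\n", len(d.Drain()))
	errs, dropped, last := s.Check()
	fmt.Printf("sticky: %d errors, %d dropped, last=%v\n", len(errs), dropped, last)
}
```

The naive reporter cannot even say how many errors it lost; the sticky variant makes a burst of failures visible as a non-zero drop count and a non-nil last error even when nobody drained the channel in time.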

SUSE CVE
added 2026/03/22 12:24 a.m., 6 views

SUSE CVE-2026-23273

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink error path. valis reported that a race condition still happens after my prior patch. macvlan_common_newlink might have made @dev visible before detecting an error, and its...

CVSS 6.4 | AI score 5.7 | EPSS 0.00119
Exploits 0 | References 22

CNNVD
added 2026/03/22 12:00 a.m., 8 views

UltraVNC Viewer buffer error vulnerability

UltraVNC Viewer is a remote desktop client developed by UltraVNC Corporation. Version 1.2.2.4 of UltraVNC Viewer contains a buffer error vulnerability. The flaw stems from a denial-of-service condition reachable through the VNC server's input fields, which could allow attackers to cause the application t...

CVSS 7.1 | AI score 6 | EPSS 0.00689
Exploits 0 | References 4

CNNVD
added 2026/03/22 12:00 a.m., 13 views

HeidiSQL buffer error vulnerability

HeidiSQL is an open-source graphical database management tool developed by HeidiSQL. Version 10.1.0.5464 contains a buffer error vulnerability. The flaw stems from a denial-of-service condition in the password field, which could allow local attackers to cause the...

CVSS 6.9 | AI score 6 | EPSS 0.00137
Exploits 0 | References 4

Tenable Nessus
added 2026/03/22 12:00 a.m., 8 views

SUSE SLES15 Security Update : kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7 RT) (SUSE-SU-2026:0945-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0945-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.28 fixes various security issues. The following security issues were fixed: -...

CVSS 5.5 | AI score 6.1 | EPSS 0.00173
Exploits 0 | References 13

CNNVD
added 2026/03/21 12:00 a.m., 8 views

OpenClaw access control error vulnerability

OpenClaw is an AI assistant open-sourced by OpenClaw. OpenClaw has an access control error vulnerability: the BlueBubbles webhook handler contains a passwordless fallback authentication path, which an attacker can exploit to cause an...

CVSS 6.5 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 4

Github Security Blog
added 2026/03/20 8:46 p.m., 10 views

Syft improper temporary file cleanup

Impact: Syft versions before v1.42.3 would not properly clean up temporary storage if that storage was exhausted during a scan. When scanning archives, Syft unpacks them into temporary storage and then inspects the unpacked contents. Under normal operation Syft will remove the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00408
Exploits 0 | References 6 | Affected software 1
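Added example of the failure mode the entry describes (this example's own Go, not Syft's code): archive entries are unpacked into a temporary directory and that directory is removed by a deferred call on every exit path, so an exhausted temp filesystem, simulated here with a quota-limited writer that returns a constructed ENOSPC-style error, leaves no residue behind. The tar archive is built inline; the function names and the quota mechanism are assumptions of the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// errNoSpace stands in for ENOSPC on the temp filesystem (constructed).
var errNoSpace = errors.New("simulated ENOSPC: temporary storage exhausted")

// quotaWriter fails once the total bytes written through it would exceed
// limit, which lets a test reproduce "storage exhausted mid-scan" offline.
type quotaWriter struct {
	w       io.Writer
	limit   int64
	written *int64 // shared across entries: one quota for the whole unpack
}

func (q quotaWriter) Write(p []byte) (int, error) {
	if *q.written+int64(len(p)) > q.limit {
		return 0, errNoSpace
	}
	n, err := q.w.Write(p)
	*q.written += int64(n)
	return n, err
}

// unpackAndInspect unpacks a tar stream into a fresh temp dir, runs inspect on
// it, and removes the dir on every exit path, including the write error that
// fires when the quota is hit. The dir path is returned only so a caller (or
// test) can verify it is gone afterwards.
func unpackAndInspect(archive io.Reader, quota int64, inspect func(dir string) error) (dir string, err error) {
	dir, err = os.MkdirTemp("", "unpack-*")
	if err != nil {
		return "", err
	}
	// Deferred cleanup is the point of the example: it runs on success, on
	// every error return below, and on panic. A cleanup failure stays visible.
	defer func() {
		if rmErr := os.RemoveAll(dir); rmErr != nil && err == nil {
			err = rmErr
		}
	}()

	var written int64
	tr := tar.NewReader(archive)
	for {
		hdr, nerr := tr.Next()
		if nerr == io.EOF {
			break
		}
		if nerr != nil {
			return dir, nerr
		}
		if hdr.Typeflag != tar.TypeReg {
			continue
		}
		// Normalise the entry name so "../" cannot escape the temp dir.
		target := filepath.Join(dir, filepath.Clean("/"+hdr.Name))
		if !strings.HasPrefix(target, dir+string(os.PathSeparator)) {
			return dir, fmt.Errorf("entry %q escapes temp dir", hdr.Name)
		}
		if merr := os.MkdirAll(filepath.Dir(target), 0o700); merr != nil {
			return dir, merr
		}
		f, oerr := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
		if oerr != nil {
			return dir, oerr
		}
		_, cerr := io.Copy(quotaWriter{w: f, limit: quota, written: &written}, tr)
		f.Close()
		if cerr != nil {
			return dir, cerr // quota hit: the defer above still removes dir
		}
	}
	return dir, inspect(dir)
}

// buildTar creates a small in-memory tar archive (constructed sample input).
func buildTar(files map[string]string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for name, body := range files {
		_ = tw.WriteHeader(&tar.Header{Name: name, Mode: 0o600, Size: int64(len(body)), Typeflag: tar.TypeReg})
		_, _ = tw.Write([]byte(body))
	}
	_ = tw.Close()
	return buf.Bytes()
}

func main() {
	archive := buildTar(map[string]string{"a.txt": strings.Repeat("A", 64), "b.txt": strings.Repeat("B", 64)})
	// A 100-byte quota fails on the second 64-byte file; the dir must still vanish.
	dir, err := unpackAndInspect(bytes.NewReader(archive), 100, func(string) error { return nil })
	_, statErr := os.Stat(dir)
	fmt.Printf("err=%v; temp dir removed: %v\n", err, os.IsNotExist(statErr))
}
```

The check a reviewer wants on any "unpack then inspect" path is that cleanup is bound with defer at the moment the directory is created, not appended after the happy path; a write error from a full disk then cannot skip it.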

OSV
added 2026/03/20 8:45 p.m., 2 views

GHSA-QPC3-FG4J-8HGM Parse Server has a protected field change detection oracle via LiveQuery watch parameter

Impact: An attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolea...

CVSS 6.3 | AI score 5.8 | EPSS 0.00316
Exploits 0 | References 7

Github Security Blog
added 2026/03/20 8:45 p.m., 7 views

Parse Server has a protected field change detection oracle via LiveQuery watch parameter

Impact: An attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolea...

CVSS 6.3 | AI score 5.8 | EPSS 0.00316
Exploits 0 | References 7 | Affected software 1
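Added example modelling the oracle, serving both Parse Server entries above (this example's own Go, not Parse Server's code): event emission that strips the protected field from the payload but still fires on any watched-field change, the attacker-side inference for a boolean field, and one possible mitigation that ignores protected fields during change detection. The entry does not say which fix upstream shipped; the mitigation, the field names and the object model here are assumptions.

```go
package main

import "fmt"

// Object is a flattened Parse-style object (constructed for this example).
type Object map[string]any

// protectedFields are fields the subscriber may not read; their values are
// stripped from every event payload. (Constructed.)
var protectedFields = map[string]bool{"isAdmin": true}

// stripProtected returns a copy of obj with protected fields removed.
func stripProtected(obj Object) Object {
	out := Object{}
	for k, v := range obj {
		if !protectedFields[k] {
			out[k] = v
		}
	}
	return out
}

// emitVulnerable models the behaviour the entry describes (this example's
// model, not Parse Server's code): an update event fires whenever any watched
// field changed, and only afterwards is the payload stripped. The payload is
// clean, but the event's existence says "isAdmin changed".
func emitVulnerable(watch []string, before, after Object) (fired bool, payload Object) {
	for _, f := range watch {
		if before[f] != after[f] {
			return true, stripProtected(after)
		}
	}
	return false, nil
}

// emitFixed is one possible mitigation (assumed, not necessarily upstream's):
// protected fields are ignored for change detection, so watching them yields
// exactly the events that not watching them would.
func emitFixed(watch []string, before, after Object) (fired bool, payload Object) {
	for _, f := range watch {
		if protectedFields[f] {
			continue
		}
		if before[f] != after[f] {
			return true, stripProtected(after)
		}
	}
	return false, nil
}

// inferBool is the attacker's side of the oracle for a boolean field: given
// the value at subscription time and the number of update events seen since,
// the current value is known exactly, because each event is one flip.
func inferBool(initial bool, events int) bool {
	return initial != (events%2 == 1)
}

// replay feeds successive object versions through emit and counts events.
func replay(emit func([]string, Object, Object) (bool, Object), watch []string, versions []Object) int {
	n := 0
	for i := 1; i < len(versions); i++ {
		if fired, _ := emit(watch, versions[i-1], versions[i]); fired {
			n++
		}
	}
	return n
}

func main() {
	// Four saves of the same user; only the protected isAdmin field changes.
	versions := []Object{
		{"name": "alice", "isAdmin": false},
		{"name": "alice", "isAdmin": true},
		{"name": "alice", "isAdmin": false},
		{"name": "alice", "isAdmin": true},
	}
	watch := []string{"isAdmin"}
	vuln := replay(emitVulnerable, watch, versions)
	fixed := replay(emitFixed, watch, versions)
	fmt.Printf("vulnerable: %d events -> isAdmin is now %v\n", vuln, inferBool(false, vuln))
	fmt.Printf("fixed: %d events (nothing to infer)\n", fixed)
}
```

Stripping the value from the payload is necessary but not sufficient: any per-field trigger that the subscriber controls is itself a one-bit channel, so the change-detection step has to be subject to the same field-level access control as the payload.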

OSV
added 2026/03/20 8:35 p.m., 4 views

GHSA-9F94-5G5W-GF6R CRL Distribution Point Scope Check Logic Error in AWS-LC

Summary: AWS-LC is an open-source, general-purpose cryptographic library. Impact: A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation when the application enables CRL checking and uses partitioned CRLs wi...

CVSS 7.4 | AI score 5.9 | EPSS 0.00252
Exploits 0 | References 5

Github Security Blog
added 2026/03/20 8:35 p.m., 10 views

CRL Distribution Point Scope Check Logic Error in AWS-LC

Summary: AWS-LC is an open-source, general-purpose cryptographic library. Impact: A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation when the application enables CRL checking and uses partitioned CRLs wi...

AI score 5.9
Exploits 0 | References 5 | Affected software 2

Cvelist
added 2026/03/20 2:42 p.m., 20 views

CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...

CVSS 5.3 | EPSS 0.00211
Exploits 1 | References 2
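Added example (this example's own Go, not Vikunja's code): the read-gated delete the entry describes next to the CanUpdate-gated form, plus a method-derived authorization check that makes the required right a property of the route rather than something each handler author has to remember. The Right type, the Project struct and the user names are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Right is a per-project permission level; higher levels imply lower ones.
// (Constructed for this example; not Vikunja's own types.)
type Right int

const (
	RightRead Right = iota
	RightWrite
	RightAdmin
)

var ErrForbidden = errors.New("forbidden")

// Project holds who may do what and the background image path ("" = none).
type Project struct {
	ID         int
	Shares     map[string]Right
	Background string
}

func (p *Project) CanRead(user string) bool {
	r, ok := p.Shares[user]
	return ok && r >= RightRead
}

func (p *Project) CanUpdate(user string) bool {
	r, ok := p.Shares[user]
	return ok && r >= RightWrite
}

// deleteBackgroundVulnerable has the shape the entry describes: a destructive
// endpoint gated on the read check, so read-only collaborators can wipe the image.
func deleteBackgroundVulnerable(p *Project, user string) error {
	if !p.CanRead(user) {
		return ErrForbidden
	}
	p.Background = ""
	return nil
}

// deleteBackgroundFixed gates the mutation on CanUpdate, as the entry says 2.2.0 does.
func deleteBackgroundFixed(p *Project, user string) error {
	if !p.CanUpdate(user) {
		return ErrForbidden
	}
	p.Background = ""
	return nil
}

// requiredRight is the systematic guard this example recommends: derive the
// minimum right from the HTTP method, so a handler cannot pick the wrong
// predicate by hand. Read-only methods need read; everything else mutates.
func requiredRight(method string) Right {
	switch method {
	case "GET", "HEAD", "OPTIONS":
		return RightRead
	default:
		return RightWrite
	}
}

// authorize is the check a router or middleware would run before the handler.
func authorize(p *Project, user, method string) error {
	r, ok := p.Shares[user]
	if !ok || r < requiredRight(method) {
		return ErrForbidden
	}
	return nil
}

func main() {
	p := &Project{ID: 7, Shares: map[string]Right{"owner": RightAdmin, "viewer": RightRead}, Background: "bg.jpg"}
	fmt.Println("vulnerable, viewer:", deleteBackgroundVulnerable(p, "viewer"), "background now:", fmt.Sprintf("%q", p.Background))
	p.Background = "bg.jpg"
	fmt.Println("fixed, viewer:", deleteBackgroundFixed(p, "viewer"), "background still:", fmt.Sprintf("%q", p.Background))
	fmt.Println("middleware DELETE as viewer:", authorize(p, "viewer", "DELETE"), "| GET as viewer:", authorize(p, "viewer", "GET"))
}
```

A route-level rule of this kind is also what to grep for in review: any DELETE, PUT, PATCH or POST handler whose only gate is a read predicate is the same class of bug.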

OSV
added 2026/03/20 2:24 p.m., 4 views

OESA-2026-1664 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security fixes: Issue summary: Calling the PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...

CVSS 7.4 | AI score 6 | EPSS 0.00444
Exploits 1 | References 2

NVD
added 2026/03/20 2:16 p.m., 3 views

CVE-2026-31382

The error_description parameter is vulnerable to reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

CVSS 6.1 | EPSS 0.00245
Exploits 1 | References 2

SUSE Linux
added 2026/03/20 1:41 p.m., 5 views

Security update for

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.25 fixes various security issues. The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work (bsc#1255053). CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass...

CVSS 8.7 | AI score 6.4 | EPSS 0.00176
Exploits 0 | References 24

Vulnrichment
added 2026/03/20 1:04 p.m., 4 views

CVE-2026-31382 Gainsight Assist reflected XSS/HTML injection

The error_description parameter is vulnerable to reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

CVSS 6.1 | AI score 5.8 | EPSS 0.00303
Exploits 1 | References 2

Cvelist
added 2026/03/20 1:04 p.m., 25 views

CVE-2026-31382 Gainsight Assist reflected XSS/HTML injection

The error_description parameter is vulnerable to reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

CVSS 6.1 | EPSS 0.00245
Exploits 1 | References 2

CVE
added 2026/03/20 1:04 p.m., 6 views

CVE-2026-31382

CVE-2026-31382 (Gainsight Assist) is a reflected XSS in the error_description parameter. An attacker can bypass a domain WAF using a Safari-specific onpagereveal payload, enabling HTML/script injection. Public sources in the connected set confirm the vulnerability type as reflected XSS/HTML injec...

CVSS 6.1 | AI score 5.8 | EPSS 0.00303
Exploits 1 | References 2 | Affected software 1

ATTACKERKB
added 2026/03/20 1:04 p.m., 1 view

CVE-2026-31382

The error_description parameter is vulnerable to reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

CVSS 6.1 | AI score 5.8 | EPSS 0.00303
Exploits 1 | References 2

Rapid7 Blog
added 2026/03/20 1:00 p.m., 7 views

CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)

Overview: Rapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain app.gainsight.com. These vulnerabilities include an information disclosure flaw (CVE-2026-31381) and a reflected cross-site scripting (XSS)...

CVSS 6.1 | AI score 5.8 | EPSS 0.00303
Exploits 1