Lucene search

74050 matches found

CNNVD
added 2026/03/20 12:0 a.m., 7 views

tinytag security vulnerability

Tinytag is a Python library developed by Tinytag that reads metadata from audio files. Version 2.2.0 of Tinytag contains a security vulnerability. This vulnerability stems from an incorrect assumption during the parsing of ID3v2 SYLT frames, which may lead to non-terminating loops and cause...

CVSS: 6.5, AI score: 5.8, EPSS: 0.0041
Exploits: 1, References: 5
Packet Storm News
added 2026/03/20 12:0 a.m., 1 views

Full Network Nonlocality Based Security in Quantum Key Distribution

In the last decade research of quantum nonlocality has moved beyond the regime of standard Bell nonlocality to consider network-based experimental set-ups involving multiple independent sources. Notion of full network nonlocality has emerged as some truly network phenomena that cannot be realized...

AI score: 5.9
Exploits: 0
CNNVD
added 2026/03/20 12:0 a.m., 8 views

astral-tokio-tar security vulnerability

astral-tokio-tar is an open-source Rust library developed by Astral. Versions of astral-tokio-tar 0.5.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a silent skipping of format-errors PAX extensions during the parsing of tar archives. Such behavior could potential...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00249
Exploits: 0, References: 3
CNNVD
added 2026/03/20 12:0 a.m., 7 views

libde265 buffer error vulnerability

libde265 is a video codec developed by Struktur AG as open source. Versions of libde265 prior to 1.0.17 contained a buffer error vulnerability. This vulnerability arises from out-of-bounds heap writes when processing specially crafted HEVC bitstreams...

CVSS: 5.5, AI score: 6, EPSS: 0.00232
Exploits: 1, References: 3
Positive Technologies
added 2026/03/20 12:0 a.m., 6 views

PT-2026-26760

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.54; Parse Server versions prior to 9.6.0-alpha.43. Description: Parse Server contains a flaw where an attacker can subscribe to LiveQuery using a watch parameter that targets a protected field. While the actual...

CVSS: 6.3, AI score: 5.7, EPSS: 0.00316
Exploits: 0, References: 9
CNNVD
added 2026/03/20 12:0 a.m., 8 views

Google Chrome input validation error vulnerability

Google Chrome is a web browser developed by Google Inc. In versions prior to 146.0.7680.153, there was a vulnerability related to input validation. This vulnerability stemmed from integer overflow in the ANGLE component, which could allow remote attackers to exploit heap corruption through...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00253
Exploits: 0, References: 3
Kaspersky
added 2026/03/20 12:0 a.m., 7 views

KLA90954 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Integer underflow vulnerability in Dawn can be exploited to cause denial of service. 2. Out of bounds memory read...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00281
Exploits: 0, References: 4
CNNVD
added 2026/03/20 12:0 a.m., 10 views

Gainsight Assist security vulnerability

Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from improper handling of the errordescription parameter. This vulnerability may lead to reflective cross-site scripting attacks...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00303
Exploits: 1, References: 1
CNNVD
added 2026/03/20 12:0 a.m., 4 views

free5GC input validation error vulnerability

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.2.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from excessive slicing access within the CHF nchf-convergedcharging service, which could lea...

CVSS: 7.1, AI score: 6.4, EPSS: 0.00404
Exploits: 0, References: 4
CNNVD
added 2026/03/20 12:0 a.m., 11 views

free5GC security vulnerability

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from UDM’s improper handling of PATCH requests with empty supi path parameters. UDM incorrectly converted downstrea...

CVSS: 8.7, AI score: 6.4, EPSS: 0.00321
Exploits: 1, References: 3
CNNVD
added 2026/03/20 12:0 a.m., 9 views

free5GC security vulnerability

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of UDM errors; when a downstream error of 400 was converted to an error of 500, it could lea...

CVSS: 6.9, AI score: 6.4, EPSS: 0.00282
Exploits: 1, References: 4
UbuntuCve
added 2026/03/20 12:0 a.m., 5 views

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

CVSS: 8.7, AI score: 5.7, EPSS: 0.00321
Exploits: 1, References: 4
Positive Technologies
added 2026/03/20 12:0 a.m., 7 views

PT-2026-26768

Name of the Vulnerable Software and Affected Versions: Syft versions prior to 1.42.3. Description: Syft did not properly remove temporary files if temporary storage became full during a scan. This occurred when unpacking archives, specifically with large or highly compressed archives. The issue caus...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00408
Exploits: 0, References: 8
RedHat Linux
added 2026/03/19 11:49 p.m., 6 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00459
Exploits: 2, References: 8
EUVD
added 2026/03/19 10:7 p.m., 6 views

EUVD-2026-13330

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0011
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/19 10:6 p.m., 4 views

CVE-2026-32008

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00403
Exploits: 1, References: 4
RedHat Linux
added 2026/03/19 9:34 p.m., 5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00459
Exploits: 2, References: 8
NVD
added 2026/03/19 9:17 p.m., 7 views

CVE-2026-4428

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...

CVSS: 9.1, EPSS: 0.00252
Exploits: 0, References: 2
OSV
added 2026/03/19 9:17 p.m., 10 views

CVE-2026-4428

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...

CVSS: 9.1, AI score: 5.8
Exploits: 0, References: 2
RedHat Linux
added 2026/03/19 9:11 p.m., 8 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00459
Exploits: 2, References: 8