Lucene search
K

225 matches found

Rosalinux
Rosalinux
added 2026/02/16 7:7 a.m.6 views

Advisory ROSA-SA-2026-3131

Software: bind 9.11.36 OS: ROSA Virtualization 2.1 unaffected versions = bind-9.11.36-16.rv3.6 affected versions bind-9.11.36-16.rv3.6 CVE-ID: CVE-2025-40778 BDU-ID: 2025-13637 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to the loading of external unreliable data...

8.6CVSS6.4AI score0.00509EPSS
Exploits1
EUVD
EUVD
added 2026/01/27 4:27 p.m.4 views

EUVD-2026-4746

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion' en ‘/evaluacioninicio.aspx’, could allow an attacker to...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/27 4:26 p.m.6 views

EUVD-2026-4744

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacioncompetenciasautoevallist.aspx', could allow an attacker to extra...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:26 p.m.3 views

CVE-2026-1472

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacioncompetenciasautoevallist.aspx', could allow an attacker to extra...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.5 views

PT-2026-4973

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id usuario' in ‘/evaluacion acciones ver auto.aspx’, could allow an attacker to extrac...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2026/01/15 7:16 p.m.6 views

CVE-2026-22774

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS0.0057EPSS
Exploits0References8
EUVD
EUVD
added 2026/01/15 6:53 p.m.8 views

EUVD-2026-2790

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.2AI score0.0057EPSS
Exploits0References5
OSV
OSV
added 2026/01/15 6:53 p.m.5 views

CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.7AI score0.0057EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.5 views

PT-2026-3093

Name of the Vulnerable Software and Affected Versions Svelte devalue versions 5.1.0 through 5.6.1 Description Certain inputs can cause the devalue.parse function to consume excessive CPU time and/or memory, potentially leading to a denial of service. This affects applications using devalue.parse ...

7.8CVSS6.6AI score0.0057EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.7 views

CVE-2021-33629

isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data...

7.5CVSS7AI score0.00961EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.9 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

4.3CVSS6.9AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.23 views

CVE-2025-1386

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS6.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 10:13 p.m.7 views

CVE-2025-68382

Out-of-bounds read CWE-125 allows an unauthenticated remote attacker to perform a buffer overflow CAPEC-100 via the NFS protocol dissector, leading to a denial-of-service DoS through a reliable process crash when handling truncated XDR-encoded RPC messages...

6.5CVSS7.5AI score0.002EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/06 10:58 a.m.324 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

SpringBoot-Toolkit An interactive penetration-testing tool de...

10CVSS8.7AI score0.99939EPSS
Exploits190
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: openstack-cinder (TSSA-2025:0077)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0077 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS6.6AI score0.00835EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/13 9:8 a.m.3 views

CVE-2025-64403

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

8.1CVSS6.8AI score0.01312EPSS
Exploits0References1
Redos
Redos
added 2025/11/13 12:0 a.m.7 views

ROS-20251113-07

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

8.6CVSS5.5AI score0.1096EPSS
Exploits1
Redos
Redos
added 2025/11/13 12:0 a.m.5 views

ROS-20251113-06

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

8.6CVSS5.5AI score0.1096EPSS
Exploits1
OSV
OSV
added 2025/11/12 9:15 a.m.4 views

CVE-2025-64403

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

8.1CVSS5.7AI score0.01312EPSS
Exploits0References3
NVD
NVD
added 2025/11/12 9:15 a.m.11 views

CVE-2025-64403

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

8.1CVSS0.01312EPSS
Exploits0References3
Rows per page
Query Builder