Lucene search
K

93 matches found

EUVD
EUVD
added 2026/06/29 6:31 p.m.6 views

EUVD-2026-40170

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...

7.5CVSS5.8AI score0.00695EPSS
Exploits2References3
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS0.00107EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A memory flaw after deallocation was discovered in the Linux kernel’s garbage collection for Unix domain socket file handlers. This flaw occurs when users call close and fget simultaneously, potentially triggering a race condition. This flaw allows a local user to crash the system or escalate the...

7CVSS6.7AI score0.0031EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/26 9:56 p.m.5 views

CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...

4.3CVSS5.9AI score0.00303EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/26 9:56 p.m.24 views

CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...

4.3CVSS0.00303EPSS
Exploits0References6
OSV
OSV
added 2026/02/26 9:56 p.m.6 views

CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...

4.3CVSS5.9AI score0.00303EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.7 views

PT-2026-22201

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.16.1 Description Weblate’s REST API AddonViewSet in weblate/api/views.py line 2831 did not properly restrict access to addon information based on user permissions. Specifically, the queryset = Addon.objects.all...

4.3CVSS5.9AI score0.00303EPSS
Exploits0References19
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.7 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References1
SUSE CVE
SUSE CVE
added 2026/02/20 12:24 a.m.7 views

SUSE CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS5.8AI score0.00447EPSS
Exploits3References3
CVE
CVE
added 2026/02/19 8:26 a.m.15 views

CVE-2026-24999

CVE-2026-24999 concerns WordPress plugin “Alma gateway for WooCommerce” (WordPress Alma plugin

5.3CVSS5.4AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 12:16 a.m.10 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS0.00447EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.12 views

PT-2026-20672

Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through = 5.16.1...

5.5AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/02/18 11:5 p.m.38 views

CVE-2026-24126

CVE-2026-24126 (Weblate) : The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/18 11:5 p.m.4 views

CVE-2026-24126 Weblate has an argument injection in management console

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

6.6CVSS5.5AI score0.00447EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/02/18 11:5 p.m.32 views

CVE-2026-24126 Weblate has an argument injection in management console

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

6.6CVSS0.00447EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2026/02/12 12:25 a.m.5 views

SUSE CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

4.3CVSS5.6AI score0.00136EPSS
Exploits0References10
OSV
OSV
added 2026/02/10 12:28 a.m.4 views

GHSA-37CX-329C-33X3 go-git improperly verifies data integrity values for .idx and .pack files

Impact A vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch...

4.3CVSS5.6AI score0.00136EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/09 11:23 p.m.2 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile function...

5.3CVSS5.7AI score0.00136EPSS
Exploits0References2
OSV
OSV
added 2026/02/09 11:16 p.m.3 views

DEBIAN-CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

4.3CVSS7.6AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/09 10:13 p.m.2 views

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

4.3CVSS5.5AI score0.00136EPSS
Exploits0References2
Rows per page
Query Builder