Lucene search
+L

1432 matches found

cvelist
cvelist
added 2026/04/24 7:40 p.m.34 views

CVE-2026-41502 BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decoder allows unauthenticated remote attackers to read one byte past an allocated buffer boundary by...

8.7CVSS0.00401EPSS
Exploits1References1
nvd
nvd
added 2026/04/24 7:17 p.m.12 views

CVE-2026-41416

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

9.3CVSS0.00279EPSS
Exploits0References2
osv
osv
added 2026/04/24 5:18 p.m.2 views

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS6.1AI score0.00294EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.8 views

PT-2026-35048

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.31.1 Axios versions prior to 1.15.1 Description An incomplete fix for no proxy hostname normalization bypass allows requests to 127.0.0.1 and ::1 to route through a proxy even when no proxy=localhost is configured. Th...

7.5CVSS5.8AI score0.00301EPSS
Exploits1References8
osv
osv
added 2026/04/23 12:16 a.m.9 views

DEBIAN-CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2References1
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.11 views

PT-2026-34736

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

7.1CVSS7.2AI score0.00233EPSS
Exploits1References2
ibm
ibm
added 2026/04/22 1:27 p.m.6 views

Security Bulletin: Vulnerability in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-38550 Vulnerability Details CVEID:CVE-2025-38550 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc-idev in...

7.8CVSS5.5AI score0.00144EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/04/21 9:16 p.m.13 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1CVSS0.00269EPSS
Exploits1References1
cve
cve
added 2026/04/21 9:14 p.m.17 views

CVE-2026-40944

Summary: CVE-2026-40944 affects Oxia, a metadata store and coordination system. Before 0.16.2, the TLS trustedCertPool() configuration only loads the first PEM block from CA bundles; when multiple certificates (e.g., intermediate + root) are present, the chain is not fully validated for mTLS. Thi...

6.9CVSS5.8AI score0.0016EPSS
Exploits0References1
euvd
euvd
added 2026/04/21 5:5 p.m.6 views

EUVD-2026-24180

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/21 12:41 p.m.3 views

CVE-2026-6786

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

6AI score0.00499EPSS
Exploits0References6
nvd
nvd
added 2026/04/21 2:16 a.m.8 views

CVE-2026-39973

Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a...

7.1CVSS0.00182EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/18 1:36 a.m.6 views

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5CVSS5.9AI score0.00575EPSS
Exploits1References4Affected Software1
alpinelinux
alpinelinux
added 2026/04/18 1:24 a.m.22 views

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

8.6CVSS7.8AI score0.00965EPSS
Exploits1
osv
osv
added 2026/04/17 9:56 p.m.3 views

GHSA-C9H3-5P7R-MRJH OpenClaw: Discord event cover images bypassed sandbox media normalization

Summary Discord event cover images bypassed sandbox media normalization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.7 = 2026.4.10 Impact Discord event cover image parameters could bypass the sandbox media normalization path used for outbound...

7.7CVSS5.7AI score0.00259EPSS
Exploits0References6
euvd
euvd
added 2026/04/17 9:5 p.m.8 views

EUVD-2026-23557

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object e.g., "$ne": "" as the password field. This NoSQL...

9.8CVSS5.7AI score0.00627EPSS
Exploits1References3
euvd
euvd
added 2026/04/16 9:8 p.m.8 views

EUVD-2026-23110

sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements...

6.1CVSS5.8AI score0.00235EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/04/15 7:38 p.m.6 views

CVE-2026-39857 Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...

5.3CVSS5.8AI score0.00435EPSS
Exploits1References2
nvd
nvd
added 2026/04/15 4:17 a.m.14 views

CVE-2026-40091

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...

6CVSS0.00166EPSS
Exploits0References2
nvd
nvd
added 2026/04/14 9:16 p.m.10 views

CVE-2026-34160

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS Package Exchange Notification Services plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...

8.6CVSS0.00344EPSS
Exploits0References3
Rows per page
Query Builder