Lucene search
+L

788 matches found

RedHat Linux
RedHat Linux
added 3 days ago6 views

Low: Red Hat Security Advisory: capstone security update

An update for capstone is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

9.8CVSS6.7AI score0.0017EPSS
Exploits0References2
OSV
OSV
added 3 days ago2 views

CVE-2026-45064 Symfony: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlSanitizer::parse passes Unicode explicit-direction BiDi formatting characters through into sanitized href and src attributes, allowing sanitized...

2.3CVSS6.1AI score0.00293EPSS
Exploits0References7
OSV
OSV
added 3 days ago3 views

DEBIAN-CVE-2026-62641

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size...

4.3CVSS6.1AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 6 days ago3 views

CVE-2026-61861 ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...

6.3CVSS6.2AI score0.00323EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 5:17 p.m.3 views

DEBIAN-CVE-2026-59922

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/08 4:12 p.m.34 views

CVE-2026-59922 Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert)

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...

7.5CVSS0.00366EPSS
Exploits1References3
OSV
OSV
added 2026/07/08 4:12 p.m.5 views

CVE-2026-59922 Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert)

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References5
CVE
CVE
added 2026/07/08 4:12 p.m.13 views

CVE-2026-59922

Mistune (Python Markdown parser) contains a quadratic-time DoS in formatting.py for long runs of marker pairs (x , ==x==, ^^x^^) in the strikethrough/mark/insert plugins. The issue arises from scanning for matching markers from every possible start position, causing CPU exhaustion. It is fixed in...

7.5CVSS6AI score0.00366EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/07/08 9:16 a.m.12 views

CVE-2026-57243

During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...

6.1CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 7:36 a.m.14 views

CVE-2026-57243

CVE-2026-57243 affects Foxit PDF Editor/Reader. A JavaScript reentrancy during page opening and form formatting leads to an inconsistent document status and, with outdated page information, the application accesses invalid addresses, causing a crash. Current details describe the vulnerable operat...

6.1CVSS6AI score0.00107EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.7 views

CVE-2026-57243

During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.12 views

PT-2026-56342

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description During page opening and form formatting, a JavaScript reentrancy—a situation where a function is interrupted and called again before its first execution completes—leads to an...

6.1CVSS6.2AI score0.00107EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/07/06 11:3 a.m.7 views

USN-8505-1: Parsl vulnerability

It was discovered that Parsl incorrectly constructed SQL queries using unsafe string formatting with user-supplied input in the parsl-visualize component. A remote attacker could possibly use this issue to perform SQL injection attacks, leading to data exfiltration or a denial of service...

7.3CVSS6.1AI score0.00235EPSS
Exploits1
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-530 SciTokens is vulnerable to SQL Injection in KeyCache

Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...

9.8CVSS6.3AI score0.00492EPSS
Exploits1References7
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:15 a.m.2 views

netfilter: conntrack: remove sprintf usage

...

9.8CVSS6.1AI score0.00359EPSS
Exploits0
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5467 Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation in github.com/authorizerdev/authorizer

Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation in github.com/authorizerdev/authorizer...

5.8AI score
Exploits0References4
NVD
NVD
added 2026/06/24 10:16 p.m.7 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS0.00104EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 10:16 p.m.4 views

UBUNTU-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.7AI score0.00104EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/24 9:55 p.m.7 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.8AI score0.00104EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 9:55 p.m.31 views

CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS0.00104EPSS
Exploits0References3
Rows per page
Query Builder