Lucene search
K

776 matches found

OSV
OSV
added 2026/06/08 1:15 p.m.9 views

JLSEC-2026-578

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

5.3CVSS7.4AI score0.06457EPSS
Exploits0References26
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42197

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

8.7CVSS5.7AI score0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33848

Memory corruption while processing fastboot commands with improperly formatted input...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 10:16 a.m.16 views

CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

7.1CVSS0.00139EPSS
Exploits0References8
Amazon
Amazon
added 2026/05/26 12:0 a.m.23 views

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Jinja2

This issue affects the Jinja2 package versions starting from 0.0.0 and earlier than 2.11.3. The ReDoS vulnerability is primarily caused by the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable, as it is used to search for trailing punctuatio...

5.3CVSS7.1AI score0.03546EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: The reference to the devm device for the hidinput inputdevice name must be corrected. Instead of referring to the input device, the correct device should be used. Referring to the inputdevice would lead to a...

7.8CVSS5.8AI score0.0013EPSS
Exploits0References1
OSV
OSV
added 2026/05/02 1:2 a.m.16 views

CLSA-2026-1777541147 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

9.8CVSS6.7AI score0.74477EPSS
Exploits2References1
EUVD
EUVD
added 2026/04/29 5:53 p.m.10 views

EUVD-2026-26270

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

6.5CVSS5.9AI score0.00382EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 1:21 p.m.9 views

JLSEC-2026-301

HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5toolsstrsprint in tools/lib/h5toolsstr.c called from h5toolsdumpsimpledata in tools/lib/h5toolsdump.c...

5.7CVSS7.4AI score0.00227EPSS
Exploits0References2
OSV
OSV
added 2026/04/28 4:18 a.m.7 views

USN-8202-2 jq vulnerabilities

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...

8.2CVSS5.9AI score0.00559EPSS
Exploits5References7
OSV
OSV
added 2026/04/24 3:16 p.m.6 views

DEBIAN-CVE-2026-31630

In the Linux kernel, the following vulnerability has been resolved: rxrpc: proc: size address buffers for %pISpc output The AFRXRPC procfs helpers format local and remote socket addresses into fixed 50-byte stack buffers with "%pISpc". That is too small for the longest current-tree IPv6-with-port...

7.8CVSS5.4AI score0.00132EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 2:5 a.m.4 views

EUVD-2026-25377

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

9.3CVSS6.2AI score0.00352EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-34982

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the AF RXRPC procfs helpers, local and remote socket addresses are formatted into fixed 50-byte stack buffers using the %pISpc formatter. This buffer size is insufficient for the...

7.8CVSS5.7AI score0.00378EPSS
Exploits0References144
Ubuntu
Ubuntu
added 2026/04/23 7:35 a.m.10 views

USN-8202-1: jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

8.2CVSS5.9AI score0.00559EPSS
Exploits5
OSV
OSV
added 2026/04/23 7:35 a.m.7 views

USN-8202-1 jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

8.2CVSS6AI score0.00559EPSS
Exploits5References7
Vulnrichment
Vulnrichment
added 2026/04/21 7:12 p.m.7 views

CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API

mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...

7.2CVSS5.9AI score0.09874EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 7:12 p.m.13 views

CVE-2026-40871

CVE-2026-40871 affects the mailcow: dockerized project. Versions prior to 2026-03b are vulnerable to a second-order SQL injection in the quarantine_category field exposed via the Mailcow API, specifically at the /api/v1/add/mailbox endpoint. The input is stored without validation and later used b...

7.2CVSS6.2AI score0.09874EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.6 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS5.7AI score0.00331EPSS
Exploits0References1
OSV
OSV
added 2026/04/19 11:50 a.m.9 views

CLSA-2026-1776599416 curl: Fix of CVE-2024-7264

CVE-2024-7264: fix ASN.1 GTime2str heap buffer over-read caused by off-by-one in fractional seconds length calculation...

6.5CVSS5.9AI score0.17301EPSS
Exploits1References1
Rows per page
Query Builder