Lucene search
K

68 matches found

OSV
OSV
added 2026/06/19 9:16 p.m.5 views

GHSA-M4W9-HJFW-VWJ4 http4k: `HmacSha256.hash` (despite the `Hmac` naming) computed a plain unkeyed digest; clarified by deprecation in favour of `Sha256.hash` / `Sha256.hmac`

Impact The HmacSha256 class contained two functions: - hashpayload — a plain unkeyed SHA-256 digest. The Hmac prefix in the class name was misleading; this function has no key parameter, so it could never have been an HMAC. - hmacSHA256key, data — a properly keyed HMAC-SHA256. A reader who didn't...

8.2CVSS5.9AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.7 views

Fedora 43 : yelp (2026-7c3b91a2bc)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7c3b91a2bc advisory. Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to yelp's CSP being too permissive Tenable has extracted the preceding...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/13 12:1 p.m.5 views

MINI-P36M-MRPH-49V2

Bulletin has no description...

7.5CVSS5.7AI score0.00429EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

RHCOS 9 : OpenShift Container Platform 4.13.49 (RHSA-2024:6011)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6011 advisory. - jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Note that Nessus has not tested for this issue but has instead reli...

5.4CVSS6.8AI score0.00979EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:41 p.m.3 views

CVE-2026-6785

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

6AI score0.00513EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.8 views

PT-2026-33970

Name of the Vulnerable Software and Affected Versions Firefox version 149 Thunderbird version 149 Description Memory safety bugs exist that show evidence of memory corruption, which could potentially be exploited to execute arbitrary code. Recommendations Update Firefox to version 150. Update...

8.8CVSS6AI score0.00302EPSS
Exploits0References59
RedHat Linux
RedHat Linux
added 2026/04/15 10:31 a.m.5 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

9.8CVSS7.3AI score0.00424EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java from 1.49 to 1.84 contained security vulnerabilities. These vulnerabilities were due to the use of defective encryption algorithms, which could allow empty...

6.3CVSS7.1AI score0.00392EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/04/07 11:57 a.m.5 views

WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin WPAMS versions 49.5.3...

5.9AI score0.00352EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/24 3:30 p.m.2 views

EUVD-2026-14843

Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox 149 and Firefox ESR 140.9...

7.5CVSS5.8AI score0.00433EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/24 1:16 p.m.9 views

CVE-2026-4693

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS7.3AI score0.00687EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/03/24 1:16 p.m.5 views

CVE-2026-4720

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

9.8CVSS7.4AI score0.00424EPSS
Exploits0References9
OSV
OSV
added 2026/03/24 1:16 p.m.6 views

UBUNTU-CVE-2026-4684

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS7.2AI score0.00352EPSS
Exploits0References11
AlpineLinux
AlpineLinux
added 2026/03/24 12:30 p.m.1 views

CVE-2026-4713

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS7.2AI score0.00433EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/24 12:30 p.m.12 views

CVE-2026-4707 Incorrect boundary conditions in the Graphics: Canvas2D component

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.2AI score0.00577EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/03/24 12:30 p.m.6 views

CVE-2026-4705

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

9.8CVSS7.2AI score0.00418EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/24 12:30 p.m.9 views

CVE-2026-4688

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

10CVSS7.9AI score0.00531EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/24 12:30 p.m.11 views

CVE-2026-4684

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS8AI score0.00352EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.2 views

PT-2026-27515

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.9 Thunderbird versions prior to 149 Description A spoofing issue exists in Thunderbird. Recommendations Update Thunderbird to version 140.9 or later. Update Thunderbird to version 149 or later...

10CVSS6.4AI score0.01279EPSS
Exploits1References53
OSV
OSV
added 2026/03/04 5:32 a.m.5 views

MINI-V49R-3P5R-2JVM

Bulletin has no description...

8.6CVSS5.9AI score0.00472EPSS
Exploits0
Rows per page
Query Builder