Lucene search
K

78 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.4.0 through 9.4.46, and 10.0.0 through 10.0.9, as well as 11.0.0 through 11.0.9, the parsing of the authority segment of an http scheme URI causes the Jetty HttpURI class to incorrectly detect an invalid input as a hostname. This can lead to failures in a Proxy scenari...

4CVSS6.7AI score0.01173EPSS
Exploits0References1
OSV
OSV
added 2026/06/07 7:24 p.m.8 views

MINI-PPWM-GP46-RXV7

Bulletin has no description...

9.1CVSS5.2AI score0.00338EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.16 views

SUSE SLES15 Security Update : kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:2158-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2158-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes various security issues The following security issues were fixed: ...

7.8CVSS5.4AI score0.03663EPSS
Exploits17References16
OSV
OSV
added 2026/05/28 7:52 p.m.9 views

GHSA-2XF4-CG6J-VHGQ symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form

Description symfony/polyfill-intl-idn provides a userland implementation of idntoutf8 and idntoascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...

6.9CVSS5.9AI score0.00137EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in binutils

A vulnerability has been discovered in GNU Binutils 2.45. The affected element is the function elfswapshdr in the bfd/elfcode.h library of the Linker component. Manipulation of this function leads to a heap-based buffer overflow. This attack must be carried out locally. The exploit has been...

7.8CVSS6AI score0.00235EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/04/10 7:58 a.m.9 views

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google has made Device Bound Session Credentials DBSC generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in a...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/08 9:16 p.m.3 views

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 8:7 p.m.4 views

EUVD-2026-20603

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:37 p.m.5 views

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.8 views

Unity Linux 20.1070a Security Update: binutils (UTSA-2026-006232)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006232 advisory. A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The...

7.8CVSS5.7AI score0.00235EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/03/06 12:0 a.m.5 views

CVE-2025-69644

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...

5CVSS4.3AI score0.00126EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/06 12:0 a.m.3 views

CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

7.5CVSS4.6AI score0.00256EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.9 views

PT-2026-7473

Name of the Vulnerable Software and Affected Versions cryptography versions prior to 46.0.5 Description The public key from numbers or EllipticCurvePublicNumbers.public key, EllipticCurvePublicNumbers.public key, load der public key, and load pem public key functions do not validate that the...

8.2CVSS5.3AI score0.00341EPSS
Exploits0References363
Cvelist
Cvelist
added 2026/01/20 9:56 p.m.16 views

CVE-2026-21946

...

6.1CVSS0.002EPSS
Exploits0References1
OSV
OSV
added 2026/01/18 10:45 p.m.6 views

CVE-2026-23626 Kimai Vulnerable to Authenticated Server-Side Template Injection (SSTI)

Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy DefaultPolicy that allows arbitrary method calls on objects available in the template context. An authenticated user with...

6.8CVSS5.7AI score0.00389EPSS
Exploits1References6
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in binutils

A vulnerability was identified in GNU Binutils 2.45. The function getlinkhashentry in the bfd/elflink.c file of the Linker component is affected by this vulnerability. This manipulation causes an out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed...

5.5CVSS5.3AI score0.00189EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/01/12 9:21 p.m.9 views

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

7.8CVSS6.4AI score0.00235EPSS
Exploits1References12
UbuntuCve
UbuntuCve
added 2026/01/12 4:16 p.m.4 views

CVE-2025-71063

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...

8.2CVSS5.8AI score0.00135EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.5 views

CVE-2023-31133

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...

7.5CVSS6.7AI score0.45713EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/08 1:27 p.m.12 views

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

7.8CVSS6.4AI score0.00235EPSS
Exploits1References12
Rows per page
Query Builder