Lucene search
+L

40 matches found

OSV
OSV
added 4 days ago7 views

CVE-2026-41580 Stirling-PDF: Reflected XSS through crafted PDF metadata fields (Title and Author)

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata fields without proper HTML encoding or sanitization, allowing a crafted PDF to execute...

6.1CVSS6.2AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 11:10 p.m.4 views

CVE-2026-53647 FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest serviceapikey/getinfo API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters custom fields stored in the...

6.9CVSS5.9AI score0.0042EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when check...

7.1CVSS6.2AI score0.00153EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.7 views

SUSE CVE-2026-53203

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

7.1CVSS6AI score0.00153EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987369)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987369 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantechchangereportid The array param in...

7.1CVSS6AI score0.00413EPSS
Exploits1References4
CVE
CVE
added 2025/09/18 1:33 p.m.32 views

CVE-2023-53399

CVE-2023-53399 affects the Linux kernel’s ksmbd component, specifically a NULL pointer dereference in smb2_get_info_filesystem(). The issue occurs when share is present but share->path is NULL, which can trigger a crash. The connected sources consistently describe the vulnerability as resolved...

5.5CVSS6.2AI score0.00135EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/06/24 2:52 p.m.3 views

SUSE-SU-2025:20436-1 Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231 - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing bsc1233708 - CVE-2024-50301: security/keys:...

7.8CVSS6.7AI score0.00274EPSS
Exploits0References23
OSV
OSV
added 2025/06/23 3:27 p.m.5 views

SUSE-SU-2025:20450-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231 - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing bsc1233708 - CVE-2024-50301:...

7.8CVSS6.7AI score0.00274EPSS
Exploits0References23
SUSE CVE
SUSE CVE
added 2025/05/03 2:51 a.m.5 views

SUSE CVE-2023-53035

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfsioctlwrapcopy The ioctl helper function nilfsioctlwrapcopy, which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl...

5.5CVSS6.6AI score0.00191EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2024/12/12 8:0 a.m.5 views

netfilter: Fix use-after-free in get_info()

...

7.8CVSS7.2AI score0.00257EPSS
Exploits0
OSV
OSV
added 2024/11/09 11:15 a.m.7 views

AZL-53304 CVE-2024-50257 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in getinfo ip6tablenat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 moduleput+0x6f/0x80 Modules linked in: ip6tablenat- CPU: 1 UID: 0...

7.8CVSS7AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2024/11/09 11:15 a.m.0 views

DEBIAN-CVE-2024-50257

In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in getinfo ip6tablenat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 moduleput+0x6f/0x80 Modules linked in: ip6tablenat- CPU: 1 UID: 0...

7.8CVSS6.5AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2024/11/09 11:15 a.m.7 views

UBUNTU-CVE-2024-50257

In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in getinfo ip6tablenat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 moduleput+0x6f/0x80 Modules linked in: ip6tablenat- CPU: 1 UID: 0...

7.8CVSS6.6AI score0.00257EPSS
Exploits0References34
Vulnrichment
Vulnrichment
added 2024/09/16 12:0 a.m.21 views

CVE-2024-46937

An improper access control IDOR vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server SAS 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. The is a brute-force attack on the...

7.1AI score0.00495EPSS
Exploits0References2
OSV
OSV
added 2024/03/04 6:15 p.m.5 views

UBUNTU-CVE-2021-47097

In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantechchangereportid The array param in elantechchangereportid must be at least 3 bytes, because elantechreadregparams is calling ps2command with PSMOUSECMDGETINFO, that is goi...

7.1CVSS6.2AI score0.00413EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/01/16 12:0 a.m.4 views

NethServer nethserver-phonenehome SQL注入漏洞

nethserver-phonenehome is an open source application for NethServer. It is used to track all NethServer installations worldwide. NethServer nethserver-phonenehome suffers from a SQL injection vulnerability that originates from a security issue in the function getinfo/getcountrycoor in the file...

9.8CVSS6.6AI score0.00667EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.5 views

PT-2023-12417 · Unknown · Nethserver

Name of the Vulnerable Software and Affected Versions: NethServer phonenehome affected versions not specified Description: A critical issue affects the function get info/get country coor of the file server/index.php, leading to sql injection. Recommendations: Apply a patch to fix this issue. As a...

9.8CVSS6.2AI score0.00667EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2022/08/17 12:0 a.m.42 views

Debian DSA-5211-1 : wpewebkit - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5211 advisory. - An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32792 - The issue was addressed with improved UI handling. CVE-2022-32816 No...

8.8CVSS7.7AI score0.06463EPSS
Exploits0References7
OSV
OSV
added 2022/04/11 8:15 p.m.7 views

CVE-2022-27571

Heap-based buffer overflow vulnerability in sheifdgetinfoimage function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker...

9.8CVSS7.9AI score0.01306EPSS
Exploits0References1
OSV
OSV
added 2021/08/13 2:15 p.m.5 views

AZL-6574 CVE-2021-3573 affecting package kernel for versions less than 5.10.78.1-1

A use-after-free in function hcisockboundioctl of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hciunregisterdev together with one of the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo,...

6.4CVSS6.6AI score0.0037EPSS
Exploits1References1
Rows per page
Query Builder