Lucene search
K

19092 matches found

OSV
OSV
added yesterday3 views

GHSA-CWV4-H3J5-W3CF rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path

Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...

3.7CVSS6.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday5 views

rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path

Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...

6.5AI score
Exploits0References3Affected Software1
OSV
OSV
added yesterday3 views

GHSA-PW9M-5JXM-XR6H Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth and has enabled at least one of: oidcProvider imported from better-auth/plugins/oidc-provider, or mcp imported from better-auth/plugins/mcp. - Their application has at least one confidential...

9.1CVSS6.1AI score0.00013EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday3 views

Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth and has enabled at least one of: oidcProvider imported from better-auth/plugins/oidc-provider, or mcp imported from better-auth/plugins/mcp. - Their application has at least one confidential...

6.1AI score0.00013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday4 views

uutils coreutils: cp/install/mv/ln --suffix alone does not enable backup mode (silent data loss vs GNU)

determinebackupmode in src/uucore/src/lib/features/backupcontrol.rs only checks --backup/-b and returns BackupMode::None when only --suffix is given. GNU enables backup mode when --suffix is used alone defaulting to existing/numbered, or $VERSIONCONTROL. Affects cp, install, mv, ln which share th...

6AI score
Exploits0References3Affected Software1
OSV
OSV
added yesterday3 views

GHSA-FQF6-GXHH-2XHW uutils coreutils: cp/install/mv/ln --suffix alone does not enable backup mode (silent data loss vs GNU)

determinebackupmode in src/uucore/src/lib/features/backupcontrol.rs only checks --backup/-b and returns BackupMode::None when only --suffix is given. GNU enables backup mode when --suffix is used alone defaulting to existing/numbered, or $VERSIONCONTROL. Affects cp, install, mv, ln which share th...

7CVSS6AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.1.0 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data...

9.8CVSS7.5AI score0.51547EPSS
Exploits7Affected Software1
Nuclei
Nuclei
added yesterday77 views

Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure

Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true...

5CVSS7.2AI score0.53728EPSS
Exploits9References5
OSV
OSV
added yesterday3 views

PYSEC-2026-1612 Synapse's invalid device keys degrade federation functionality

Impact Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. Patches Patched in Synapse 1.138.3, 1.138.4,...

5.3CVSS5.9AI score0.00434EPSS
Exploits0References12
PyPA
PyPA
added yesterday3 views

Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

SummaryAuthlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...

7.5CVSS6.1AI score0.00596EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday3 views

Synapse's invalid device keys degrade federation functionality

ImpactLack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. PatchesPatched in Synapse 1.138.3, 1.138.4, 1.139.1...

5.3CVSS5.9AI score0.00434EPSS
Exploits0References12Affected Software1
OSV
OSV
added yesterday4 views

PYSEC-2026-1203 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...

7.5CVSS7.2AI score0.00596EPSS
Exploits1References7
PyPA
PyPA
added yesterday2 views

xgrammar vulnerable to denial of service by huge enum grammar

SummaryProvided grammar, would fit in a context window of most of the models, but takes minutes to process in 0.1.23. In testing with 0.1.16 the parser worked fine so this seems to be a regression caused by Earley parser. DetailsFull reproducer provider in the POC section. The resulting grammar i...

7.5CVSS5.9AI score0.00495EPSS
Exploits1References6Affected Software1
OSV
OSV
added yesterday3 views

PYSEC-2026-2055 xgrammar vulnerable to denial of service by huge enum grammar

Summary Provided grammar, would fit in a context window of most of the models, but takes minutes to process in 0.1.23. In testing with 0.1.16 the parser worked fine so this seems to be a regression caused by Earley parser. Details Full reproducer provider in the POC section. The resulting grammar...

6.9CVSS5.9AI score0.00495EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-56297

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth and has enabled at least one of: oidcProvider imported from better-auth/plugins/oidc-provider, or mcp imported from better-auth/plugins/mcp. - Their application has at least one confidential...

9.1CVSS6.1AI score0.00013EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-56151

Excelize is a library written in pure Go providing a set of functions that allow you to write to and read from XLAM / XLSM / XLSX / XLTM / XLTX files. Supports reading and writing spreadsheet documents generated by Microsoft Excel™ 2007 and later. Supports complex components by high compatibility...

6AI score0.0007EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-56159

Excelize is a library written in pure Go providing a set of functions that allow you to write to and read from XLAM / XLSM / XLSX / XLTM / XLTX files. Supports reading and writing spreadsheet documents generated by Microsoft Excel™ 2007 and later. Supports complex components by high compatibility...

6AI score0.0007EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added yesterday3 views

Linux Distros Unpatched Vulnerability : CVE-2026-58403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the moun...

6.5CVSS6AI score0.00371EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added yesterday2 views

Linux Distros Unpatched Vulnerability : CVE-2026-50135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct...

6.9CVSS6AI score0.00359EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-56158

Excelize is a library written in pure Go providing a set of functions that allow you to write to and read from XLAM / XLSM / XLSX / XLTM / XLTX files. Supports reading and writing spreadsheet documents generated by Microsoft Excel™ 2007 and later. Supports complex components by high compatibility...

6AI score0.0007EPSS
Exploits0References2
Rows per page
Query Builder