Lucene search
K

103198 matches found

OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.8 views

Fedora: Security Advisory (FEDORA-2026-c5273647fa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.7CVSS5.9AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/29 5:51 p.m.18 views

CVE-2026-0560

Summary of the vulnerability (CVE-2026-0560): In parisneo/lollms

7.5CVSS7.4AI score0.01765EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/29 1:15 a.m.4 views

CVE-2026-5021

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

9CVSS6.1AI score0.00632EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/03/28 9:33 p.m.8 views

EUVD-2026-16939

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

5.8AI score0.0053EPSS
Exploits0References5
NVD
NVD
added 2026/03/28 7:16 p.m.6 views

CVE-2026-3256

HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...

9.8CVSS0.0053EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/28 11:58 a.m.3 views

CVE-2018-25221 EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References2
Veracode
Veracode
added 2026/03/28 5:23 a.m.8 views

Environment Variable Leak

changedetection.io is vulnerable to Environment Variable Leak. The vulnerability is due to the use of the jq env builtin in include filter expressions, where an authenticated user can leak sensitive environment variables including SALTEDPASS, PLAYWRIGHTDRIVERURL, HTTPPROXY, and any secrets passed...

8.3CVSS5.7AI score0.00475EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.6 views

PT-2026-28439

Name of the Vulnerable Software and Affected Versions HTTP::Session versions through 0.53 Description HTTP::Session for Perl, by default, uses insecurely generated session IDs. The software utilizes HTTP::Session::ID::SHA1 to create session IDs, employing a SHA-1 hash seeded with the built-in ran...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Fedora 43 : mongo-c-driver (2026-cc129df978)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cc129df978 advisory. - Fix handling in HTTP response parser CVE-2026-4359 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

3.7CVSS6AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy...

6.5CVSS5.8AI score0.00434EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.8 views

Fedora 42 : mongo-c-driver (2026-c5273647fa)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c5273647fa advisory. - Fix handling in HTTP response parser CVE-2026-4359 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

3.7CVSS6AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.3 views

Fedora 44 : mongo-c-driver (2026-508009213f)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-508009213f advisory. - Fix handling in HTTP response parser CVE-2026-4359 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

3.7CVSS6AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of...

8.7CVSS6.8AI score0.01125EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.4 views

SUSE SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2026:1107-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1107-1 advisory. Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468:...

7.5CVSS7AI score0.01525EPSS
Exploits0References31
OSV
OSV
added 2026/03/27 10:30 p.m.1 views

GHSA-QM2M-28PF-HGJW OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers

Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...

8.6CVSS5.9AI score0.00298EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/27 10:1 p.m.20 views

CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

8.3CVSS0.00475EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 10:1 p.m.19 views

CVE-2026-33981

Technical details for CVE-2026-33981 are not publicly available in the provided documents. No affected products, impact, or remediation are identifiable here. Monitor for updates .

8.3CVSS5.9AI score0.00475EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/27 8:16 p.m.5 views

DEBIAN-CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

7.5CVSS8.4AI score0.01125EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 8:16 p.m.4 views

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS0.0064EPSS
Exploits1References22
NVD
NVD
added 2026/03/27 8:16 p.m.3 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS0.01125EPSS
Exploits0References19
Rows per page
Query Builder