Lucene search
+L

29 matches found

osv
osv
added 2 days ago2 views

OPENSUSE-SU-2026:21339-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-59922: quadratic-time parsing on long runs of some markers in formatting.py can lead to DoS bsc1271117. - CVE-2026-59923: HTMLRenderer.safeurl does not block percent-encoded javascript URIs and allows for XSS bsc1271119. -...

7.5CVSS6.3AI score0.00366EPSS
Exploits8References19
nvd
nvd
added 2026/07/08 5:17 p.m.10 views

CVE-2026-59930

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS0.00128EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/06/05 7:46 p.m.10 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.4AI score0.00413EPSS
Exploits0References1
nvd
nvd
added 2026/05/19 8:16 p.m.19 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS0.00413EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/19 7:17 p.m.9 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.13 views

PT-2026-42004

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-amazon versions prior to 9.28.0 Description In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a / for example, "my team/conn" to the same pat...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References10
github
github
added 2026/04/08 7:57 p.m.13 views

Laravel Passport: TokenGuard Authenticates Unrelated User for Client Credentials Tokens

Impact Authentication Bypass for clientcredentials tokens. the league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value to retrieveById without validating it's actually a user identifier, potentially resolving an...

7.1CVSS5.8AI score0.00289EPSS
Exploits1References7Affected Software1
cvelist
cvelist
added 2026/02/10 6:5 p.m.29 views

CVE-2026-25612 Internal ResourceId collision may affect unrelated collections

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

7.1CVSS0.00199EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/12/12 6:12 p.m.5 views

CVE-2025-14046

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by...

8.6CVSS6.5AI score0.00326EPSS
Exploits0References1
euvd
euvd
added 2025/12/11 5:52 p.m.6 views

EUVD-2025-202752

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by...

8.6CVSS5.9AI score0.00326EPSS
Exploits0References6
osv
osv
added 2025/11/27 8:16 p.m.4 views

OPENSUSE-SU-2025:20114-1 Security update for himmelblau

This update for himmelblau fixes the following issues: - Update to version 0.9.23+git.0.9776141: CVE-2025-59044: Fixed GID collision of same-name groups allowing privilege escalation bsc1250687 depsrust: bump the all-cargo-updates group CVE-2025-58160: tracing-subscriber: Fixed log pollution...

4.4CVSS6.1AI score0.00303EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2015-3758

Malware in sbrugna...

4.3CVSS8.6AI score0.01683EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-2934

Malicious code in bioql PyPI...

7.5CVSS7.1AI score0.0028EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-23481

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00439EPSS
Exploits0References1
nvd
nvd
added 2025/09/09 11:15 p.m.8 views

CVE-2025-59044

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name the default configuration. Because Microsoft Entra ID allows multiple groups with the same...

4.4CVSS0.00132EPSS
Exploits0References3
susecve
susecve
added 2025/08/30 11:21 p.m.5 views

SUSE CVE-2025-38677

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x1c1/0x2a0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:378 inline...

7.1CVSS6.3AI score0.00151EPSS
Exploits0References3
susecve
susecve
added 2024/11/02 4:2 a.m.3 views

SUSE CVE-2024-9312

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges...

6.4CVSS6.8AI score0.0028EPSS
Exploits1References6
nvd
nvd
added 2023/04/02 9:15 p.m.31 views

CVE-2023-1603

Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...

6.5CVSS6.5AI score0.00618EPSS
Exploits0References1
osv
osv
added 2023/04/02 9:15 p.m.4 views

CVE-2023-1603

Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...

6.5CVSS6.6AI score0.00618EPSS
Exploits0References1
prion
prion
added 2023/04/02 9:15 p.m.16 views

Authentication flaw

Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...

4CVSS6.4AI score0.00618EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder