Lucene search
+L

2938 matches found

OSV
OSV
added 2026/05/18 5:47 p.m.5 views

GHSA-363W-HVWH-W7M6 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Security Advisory: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API Affected Software: Budibase Affected Component: packages/server/src/api/controllers/view/viewBuilder.ts, packages/server/src/api/routes/view.ts CWE: CWE-94 Improper Control of Generation of Code...

6.5CVSS6AI score0.00263EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 6:9 a.m.16 views

BIT-GITLAB-2026-1184 Deserialization of Untrusted Data in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation...

7.5CVSS5.8AI score0.00331EPSS
Exploits0References4
Veracode
Veracode
added 2026/05/16 5:24 a.m.8 views

Server-Side Request Forgery (SSRF)

github.com/apache/skywalking-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the SW-URL header, which allows an attacker to supply arbitrary URLs and force the server to send requests to unintended internal or external resources...

7.1CVSS6AI score0.00346EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/15 9:11 a.m.7 views

BIT-GITLAB-2026-7471 Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper validation...

3.5CVSS5.8AI score0.00171EPSS
Exploits0References3
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/15 12:0 a.m.6 views

[20260708] - Core - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/05/14 9:25 p.m.8 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

8.2CVSS5.5AI score0.00381EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.11 views

CVE-2026-1184

GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation...

7.5CVSS5.8AI score0.00331EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:37 a.m.5 views

CVE-2026-1184

GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 代码问题漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code-related vulnerabilities in versions prior to GitLab EE...

3.5CVSS5.9AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

GitLab 代码问题漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code-related vulnerabilities in versions of GitLab EE betwee...

7.5CVSS5.9AI score0.00331EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 5:22 p.m.10 views

Improper Validation of Syntactic Correctness of Input

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentially compromi...

9.8CVSS5.8AI score0.01339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.19 views

PT-2026-40456

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields: Extended versions prior to 0.9.2.4 Description The Advanced Custom Fields: Extended plugin for WordPress allows unauthenticated attackers to execute arbitrary shortcodes. This occurs because the software fails to proper...

6.5CVSS6.1AI score0.00381EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/11 2:53 p.m.8 views

Improper Validation of Specified Quantity in Input

Overview oxidize-pdf is a Python bindings for oxidize-pdf — generate, parse, split, merge, and manipulate PDF files Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the emission of non-finite color values in the content stream. An attacker...

5.3CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/05/05 9:31 a.m.13 views

EUVD-2026-27237

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.8AI score0.00632EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/01 7:33 p.m.6 views

CVE-2026-31696

A flaw was found in the Linux kernel's rxrpc component. An unprivileged user can exploit this by providing an excessively large ticket length during key preparsing. This improper validation leads to an oversized token calculation when the key is subsequently read, triggering a system warning and...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/29 8:44 p.m.9 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the UpdatePathAttrs4ByteAs function when processing malformed BGP UPDATE messages containing both ASPATH and AS4PATH attributes. An attacker can cause the process to crash by sending a specially...

8.7CVSS5.8AI score0.00503EPSS
Exploits1References2
NVD
NVD
added 2026/04/28 10:16 a.m.6 views

CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

8.2CVSS0.00571EPSS
Exploits0References12
Snyk
Snyk
added 2026/04/24 2:31 a.m.2 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...

8.3CVSS5.5AI score0.00377EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.5 views

Mattermost Server 10.11.x < 10.11.13 Improper Validation (MMSA-2026-00603)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00603 advisory. - Mattermost versions 10.11.x prior to 10.11.13 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicio...

2.7CVSS5.6AI score0.00167EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 10:9 a.m.3 views

SUSE-SU-2026:21272-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header bsc1260251...

9.1CVSS5.4AI score0.01557EPSS
Exploits1References3
Rows per page
Query Builder