Lucene search
K

569 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42892

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS6.1AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 9:16 a.m.12 views

CVE-2026-57243

During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...

6.1CVSS0.00107EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.4 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

6.1CVSS7.4AI score0.00313EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/07/01 7:52 p.m.7 views

CVE-2026-53353

A flaw was found in the Linux kernel's High-availability Seamless Redundancy HSR module. An incorrect assumption in the hsraddrisself function regarding the selfnode during device unregistration could lead to unexpected system behavior. This occurs because the selfnode is cleared before the devic...

5.5CVSS5.8AI score0.00156EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

6.1CVSS7.5AI score0.00313EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fixed an infinite loop in attrloadrunsrange when there are inconsistencies in metadata. We have identified a bug in the ntfs3 file system where a malformed NTFS image can cause an infinite loop. This occurs when an...

5.5CVSS5.7AI score0.00118EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 9:35 p.m.3 views

CVE-2026-2604 Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...

5.6CVSS6AI score0.00189EPSS
Exploits0References8
OSV
OSV
added 2026/06/09 11:44 p.m.2 views

CVE-2026-44505 Nimiq network-libp2p: Untrusted peer can wedge DHT

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48330

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle dht get network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the reco...

5.3CVSS5.5AI score0.00297EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-46311

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...

7.5CVSS5.4AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-28964

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

7.5CVSS5.4AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-42285

A flaw was found in GoBGP 4.4.0. A crafted BGP UPDATE with inconsistent attribute lengths mishandles the withdraw state transition in AdjRib.Update, causing a nil pointer dereference and full process crash. Fixed in GoBGP 4.5.0. Mitigation Upgrade to GoBGP 4.5.0 or later...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References5
NVD
NVD
added 2026/06/03 7:16 p.m.17 views

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

7.1CVSS0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 6:3 p.m.34 views

CVE-2026-8874 CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 3:0 a.m.10 views

CVE-2026-45894

A flaw was found in the Linux kernel's Intel VT-d Virtualization Technology for Directed I/O Scalable Mode. When a Process Address Space ID PASID table entry is being removed, the system may attempt to clear the entry before properly signaling to the hardware that the entry is no longer active...

7.8CVSS5.8AI score0.00149EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from data competition within the ADDADDR retransmission timer in mptcp pm, potentially leading to...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:54 p.m.2 views

CVE-2026-45022 go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

7CVSS5.9AI score0.00159EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.45 views

CVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...

0.00126EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: rejecting new basechains after table flag updates When the “dormant” flag is toggled, hooks are disabled during the commit phase by iterating over existing and new chains in the table. The following...

5.5CVSS6.4AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound from 1.14.0 to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from inconsistent locking mechanisms, and under certain conditions, they may lead to heap reclamation...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References2
Rows per page
Query Builder