
72721 matches found

Snyk
added 2026/03/27 7:18 a.m., 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation in the doKey function of Neo4jVectorFilterExpressionConverter when a user-controlled string is embedded as a filter expression key without proper escaping of backticks. An attacker can access internal resources...

CVSS 8.7, AI score 5.9, EPSS 0.0025
Exploits 0, References 2
Snyk
added 2026/03/27 1:21 a.m., 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation. An attacker can gain unauthorized access to resources by sending specially crafted requests that result in cache key collisions, causing the system to reuse cached authorization results for different requests...

CVSS 9.8, AI score 5.9, EPSS 0.00241
Exploits 0, References 2
Amazon
added 2026/03/27 12:0 a.m., 7 views

Important: tomcat10

Issue Overview: Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...

CVSS 9.1, AI score 6.9, EPSS 0.00498
Exploits 0
CNNVD
added 2026/03/27 12:0 a.m., 6 views

ocaml Input Validation Error Vulnerability

OCaml is an open-source functional programming language and its compiler developed by OCaml. Versions of ocaml 4.14.3 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in Bigarray.reshape, which could lead to arbitrary memo...

CVSS 5.9, AI score 5.9, EPSS 0.00114
Exploits 0, References 2
CNNVD
added 2026/03/27 12:0 a.m., 8 views

Mastodon Input Validation Error Vulnerability

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. Versions of Mastodon prior to 4.5.8, 4.4.15, and 4.3.21 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of URL-encoded path segments in...

CVSS 6.1, AI score 5.8, EPSS 0.00515
Exploits 0, References 2
Positive Technologies
added 2026/03/27 12:0 a.m., 8 views

PT-2026-28325

Name of the Vulnerable Software and Affected Versions: Spring AI versions 1.0.0 through 1.0.4; Spring AI versions 1.1.0 through 1.1.3. Description: Spring AI’s spring-ai-bedrock-converse component has a Server-Side Request Forgery (SSRF) issue within the BedrockProxyChatModel. This occurs when handling...

CVSS 8.6, AI score 5.9, EPSS 0.00353
Exploits 0, References 11
CNNVD
added 2026/03/27 12:0 a.m., 6 views

Statamic Input Validation Error Vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.16 and earlier, as well as 6.7.2 and earlier, had an input validation vulnerability. This...

CVSS 6.1, AI score 5.8, EPSS 0.00177
Exploits 0, References 2
Tenable Nessus
added 2026/03/27 12:0 a.m., 2 views

Cisco Nexus 3000 9000 Series Switches Intermediate System-to-Intermediate System DoS (cisco-sa-n39k-isis-dos-JhJA8Rfx)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode...

CVSS 7.4, AI score 5.9, EPSS 0.00266
Exploits 0, References 3
Positive Technologies
added 2026/03/27 12:0 a.m., 3 views

PT-2026-28571

Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8. Description: Handlebars templates containing decorator syntax referencing an unregistered decorator (e.g., n) can cause a Denial of Service. The compiled template calls lookupProperty(decorators, "n"), which...

CVSS 7.5, AI score 5.9, EPSS 0.00602
Exploits 1, References 15
Positive Technologies
added 2026/03/27 12:0 a.m., 5 views

PT-2026-28573

Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8. Description: The Handlebars CLI precompiler (bin/handlebars / lib/precompiler.js) concatenates user-controlled strings – template file names and several CLI options – directly into the JavaScript it emits...

CVSS 8.2, AI score 6.1, EPSS 0.00291
Exploits 1, References 16
Positive Technologies
added 2026/03/27 12:0 a.m., 4 views

PT-2026-28569

Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8. Description: Handlebars allows Remote Code Execution (RCE) through a crafted Abstract Syntax Tree (AST) object. The Handlebars.compile function accepts either a template string or a pre-parsed AST. When an AS...

CVSS 9.8, AI score 6.3, EPSS 0.01739
Exploits 2, References 274
Tenable Nessus
added 2026/03/27 12:0 a.m., 5 views

Squid < 7.5 Multiple Vulnerabilities

The version of Squid on the remote host is prior to 7.5. It is, therefore, affected by multiple vulnerabilities: - Due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This attack is limited to Squid deployments that explicitly enable ICP support...

CVSS 9.2, AI score 6, EPSS 0.08942
Exploits 0, References 6
CNNVD
added 2026/03/27 12:0 a.m., 7 views

globaleaks-whistleblowing-software Input Validation Error Vulnerability

globaleaks-whistleblowing-software is an open-source anonymous whistleblowing platform developed by GLOBALEAKS. Versions of globaleaks-whistleblowing-software prior to version 5.0.89 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of...

CVSS 5.1, AI score 5.8, EPSS 0.00196
Exploits 1, References 1
Cvelist
added 2026/03/26 9:20 p.m., 41 views

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

CVSS 7.5, EPSS 0.00412
Exploits 0, References 2
Vulnrichment
added 2026/03/26 8:34 p.m., 1 views

CVE-2026-3622 Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...

CVSS 7.1, AI score 5.9, EPSS 0.00355
Exploits 0, References 3
CVE
added 2026/03/26 8:34 p.m., 13 views

CVE-2026-3622

CVE-2026-3622 affects TL-WR841N v14's UPnP component, where improper input validation triggers an out-of-bounds read that can crash the UPnP service and cause a Denial-of-Service. Affected builds include EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and US_0.9.1.4.19 Build 260312 Rel. 49108n...

CVSS 7.5, AI score 5.8, EPSS 0.00355
Exploits 0, References 3, Affected Software 1
Snyk
added 2026/03/26 6:35 p.m., 4 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient validation of incoming request size in the webhook endpoint. An attacker can disrupt service availability by sending oversized requests to the endpoint. Details: Denial of Service (DoS) describes a...

CVSS 6.9, AI score 6, EPSS 0.00344
Exploits 0, References 2
EUVD
added 2026/03/26 6:30 p.m., 7 views

EUVD-2026-15958

n8n Vulnerable to LDAP Filter Injection in LDAP Node...

CVSS 6.3, AI score 5.8, EPSS 0.00245
Exploits 0, References 2
RedhatCVE
added 2026/03/26 5:0 p.m., 4 views

CVE-2026-2745

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

CVSS 8.1, AI score 5.8, EPSS 0.00276
Exploits 0, References 1
RedhatCVE
added 2026/03/26 5:0 p.m., 4 views

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVSS 5.4, AI score 6, EPSS 0.00162
Exploits 0, References 1