72898 matches found

RedHat Linux
added 2026/03/23 5:49 p.m. | 4 views

valkey: Valkey: Denial of Service via invalid clusterbus packet

A flaw was found in Valkey, a distributed key-value database. A malicious actor with access to the Valkey clusterbus port can exploit an input validation vulnerability by sending a specially crafted invalid clusterbus packet. This lack of validation for clusterbus ping extension packets can lead ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00552
Exploits: 0 | References: 5

RedHat Linux
added 2026/03/23 3:26 p.m. | 4 views

gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing

A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...

CVSS 7.8 | AI score 6 | EPSS 0.00566
Exploits: 0 | References: 6

RedHat Linux
added 2026/03/23 3:26 p.m. | 2 views

gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing

A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...

CVSS 7.8 | AI score 6 | EPSS 0.00566
Exploits: 0 | References: 6

NCSC
added 2026/03/23 1:43 p.m. | 5 views

Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway

Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...

CVSS 9.8 | AI score 5.8 | EPSS 0.83996
Exploits: 7 | References: 1

Microsoft CVE
added 2026/03/23 7:45 a.m. | 5 views

Chromium: CVE-2026-4451 Insufficient validation of untrusted input in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 5.8 | EPSS 0.00253
Exploits: 0

Vulnrichment
added 2026/03/23 5:29 a.m. | 3 views

CVE-2025-10679 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code Execution

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function that...

CVSS 7.3 | AI score 6.6 | EPSS 0.00447
Exploits: 0 | References: 5

CVE
added 2026/03/23 5:29 a.m. | 13 views

CVE-2025-10679

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More WordPress plugin (up to v2.2.12) is vulnerable due to insufficient input validation in the bulkTenReviews function, allowing user-controlled data to be passed to a variable function call ...

CVSS 7.3 | AI score 6.6 | EPSS 0.00447
Exploits: 0 | References: 5

ATTACKERKB
added 2026/03/23 5:29 a.m. | 7 views

CVE-2025-10679

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function that...

CVSS 7.3 | AI score 6.6 | EPSS 0.00447
Exploits: 0 | References: 6

RedHat Linux
added 2026/03/23 2:43 a.m. | 7 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

CVSS 5.9 | AI score 7 | EPSS 0.00315
Exploits: 0 | References: 7

RedHat Linux
added 2026/03/23 2:17 a.m. | 7 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

CVSS 5.9 | AI score 7 | EPSS 0.00315
Exploits: 0 | References: 7

Redos
added 2026/03/23 12:0 a.m. | 5 views

ROS-20260323-73-0025

A vulnerability in the hwmon component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 7.8 | AI score 6 | EPSS 0.00153
Exploits: 0

Redos
added 2026/03/23 12:0 a.m. | 8 views

ROS-20260323-73-0031

A vulnerability in the ksmbd_smb2_check_message function of the fs/smb/server/smb2misc.c module of the Linux kernel SMB server support is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00135
Exploits: 0

Positive Technologies
added 2026/03/23 12:0 a.m. | 4 views

PT-2026-30912

Name of the Vulnerable Software and Affected Versions: Cockpit versions prior to 360. Description: The remote login feature in Cockpit fails to validate or sanitize user-supplied hostnames and usernames passed from the web interface to the SSH client. An attacker with network access to the web servi...

CVSS 10 | AI score 6.4 | EPSS 0.142
Exploits: 3 | References: 48

CNNVD
added 2026/03/23 12:0 a.m. | 8 views

Droplet Agent security vulnerability

Droplet Agent is an open-source tool developed by DigitalOcean for managing and monitoring DigitalOcean Droplets. Versions of Droplet Agent prior to 1.3.2 contain security vulnerabilities. These vulnerabilities stem from the fault diagnosis executor component failing to properly validate inputs...

CVSS 8.8 | AI score 6.6 | EPSS 0.02502
Exploits: 2 | References: 4

CNNVD
added 2026/03/23 12:0 a.m. | 7 views

Tiki security vulnerability

Tiki is a set of open-source content management and portal applications developed by the Tiki community. It can be used to create web applications, portals, intranets, extranets, etc. Version 21.2 of Tiki contains a security vulnerability, which stems from insufficient input validation of the...

CVSS 5.4 | AI score 5.6 | EPSS 0.00195
Exploits: 1 | References: 3

Tenable Nessus
added 2026/03/23 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38451)

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats. The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless o...

CVSS 5.5 | AI score 5.9 | EPSS 0.00147
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/23 12:0 a.m. | 4 views

PT-2026-31702

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.15 through 11.0.19; Apache Tomcat versions 10.1.50 through 10.1.52; Apache Tomcat versions 9.0.113 through 9.0.115. Description: Improper Input Validation occurs due to an incomplete fix of a previous security issue...

CVSS 7.5 | AI score 8.6 | EPSS 0.15831
Exploits: 5 | References: 81

OPENSUSE Linux
added 2026/03/23 12:0 a.m. | 7 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium; Announcement ID: openSUSE-SU-2026:0094-1; Rating: important; References: 1259964; Cross-References: CVE-2026-4439 CVE-2026-4440 CVE-2026-4441 CVE-2026-4442 CVE-2026-4443 CVE-2026-4444 CVE-2026-4445 CVE-2026-4446 CVE-2026-4447 CVE-2026-4448...

CVSS 8.8 | AI score 7.2 | EPSS 0.00415
Exploits: 1 | References: 1

CNNVD
added 2026/03/23 12:0 a.m. | 7 views

WordPress plugin ReviewX code injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.3 | AI score 6 | EPSS 0.00447
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/23 12:0 a.m. | 3 views

PT-2026-27144

Name of the Vulnerable Software and Affected Versions: cgltf versions prior to 1.15. Description: cgltf versions prior to 1.15 contain an integer overflow issue in the cgltf_validate function when validating sparse accessors. This allows attackers to trigger out-of-bounds reads by providing speciall...

CVSS 8.4 | AI score 6 | EPSS 0.00125
Exploits: 0 | References: 6