
72893 matches found

CVE
added 2026/03/19 7:30 p.m., 16 views

CVE-2026-32238

OpenEMR CVE-2026-32238: A command injection vulnerability in the backup functionality affects versions prior to 8.0.0.2 due to insufficient input validation. An authenticated attacker could exploit this weakness. The issue is fixed in version 8.0.0.2. Remediation: upgrade to 8.0.0.2 or apply the ...

CVSS 9.1, AI score 5.8, EPSS 0.01889
Exploits: 3, References: 2, Affected Software: 1
OSV
added 2026/03/19 7:30 p.m., 9 views

CVE-2026-32238 OpenEMR has Remote Code Execution in backup functionality

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient...

CVSS 9.1, AI score 5.9, EPSS 0.01889
Exploits: 3, References: 4
Snyk
added 2026/03/19 7:13 p.m., 6 views

Improper Validation of Specified Quantity in Input

Overview fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the DocTypeReader component when the maxEntityCount or maxEntitySize configuration options are...

CVSS 8.2, AI score 5.8, EPSS 0.00449
Exploits: 1, References: 2
EUVD
added 2026/03/19 6:31 p.m., 3 views

EUVD-2026-13145

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...

CVSS 6.5, AI score 5.8, EPSS 0.0027
Exploits: 0, References: 2
Github Security Blog
added 2026/03/19 5:47 p.m., 4 views

Ella Core panics on invalid PDU Session IDs in NGAP messages

Summary Ella Core panics when processing NGAP messages with invalid PDU Session IDs outside of 1-15. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Fix Added PDU...

CVSS 7.5, AI score 5.8, EPSS 0.00393
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/03/19 5:14 p.m., 3 views

CVE-2026-26940 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...

CVSS 6.5, AI score 5.8, EPSS 0.0027
Exploits: 0, References: 1
Snyk
added 2026/03/19 5:14 p.m., 3 views

Improper Validation of Specified Quantity in Input

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the Timelion visualization plugin when processing specially crafted Timelio...

CVSS 7.1, AI score 5.9, EPSS 0.0027
Exploits: 0, References: 2
CVE
added 2026/03/19 5:14 p.m., 16 views

CVE-2026-26940

The CVE concerns Kibana’s Timelion visualization plugin, where improper validation of a specified quantity (input) by an authenticated user can cause a Denial of Service through excessive allocation. The underlying issue is validated quantity handling leading to overwriting internal series data p...

CVSS 6.5, AI score 5.8, EPSS 0.0027
Exploits: 0, References: 1, Affected Software: 1
Elastic
added 2026/03/19 4:59 p.m., 9 views

Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)

Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an...

CVSS 6.5, AI score 5.7, EPSS 0.0027
Exploits: 0
Github Security Blog
added 2026/03/19 3:31 p.m., 8 views

Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...

AI score 5.7, EPSS 0.00086
Exploits: 0, References: 8, Affected Software: 1
NVD
added 2026/03/19 3:16 p.m., 5 views

CVE-2026-4427

Rejected reason: Duplicate of CVE-2026-32286...

EPSS 0.00086
Exploits: 0
UbuntuCve
added 2026/03/19 3:16 p.m., 3 views

CVE-2026-4427

Rejected reason: Duplicate of CVE-2026-32286...

AI score 5.8, EPSS 0.00086
Exploits: 0, References: 7
GithubExploit
added 2026/03/19 2:44 p.m., 158 views

Exploit for Improper Input Validation in Adobe Commerce

SessionReaper-CVE-2025-54...

CVSS 9.1, AI score 5.8, EPSS 0.96742
Exploits: 9
Cvelist
added 2026/03/19 2:24 p.m., 20 views

CVE-2026-4427

...

EPSS 0.00086
Exploits: 0
RedhatCVE
added 2026/03/19 2:23 p.m., 4 views

CVE-2026-4427

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic...

CVSS 7.5, AI score 5.7, EPSS 0.00086
Exploits: 0, References: 7
RedHat Linux
added 2026/03/19 12:13 p.m., 7 views

gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing

A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...

CVSS 7.8, AI score 5.9, EPSS 0.00566
Exploits: 0, References: 6
SUSE Linux
added 2026/03/19 10:27 a.m., 5 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass due ...

CVSS 8.7, AI score 5.7, EPSS 0.00498
Exploits: 0, References: 12
EUVD
added 2026/03/19 3:30 a.m., 3 views

EUVD-2026-13031

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...

CVSS 7.1, AI score 6.1, EPSS 0.0014
Exploits: 0, References: 4
OSV
added 2026/03/19 3:30 a.m., 1 views

GHSA-GGM6-H3MX-CMMP Duplicate Advisory: safeBins stdin-only bypass via sort output and recursive grep flags

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-c5cp-vp95. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allow...

CVSS 3.6, AI score 6.2, EPSS 0.0014
Exploits: 0, References: 4
OSV
added 2026/03/19 2:16 a.m., 3 views

CVE-2026-31996

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...

CVSS 7.1, AI score 6.2
Exploits: 0, References: 3