Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-45307

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS5.5AI score0.00153EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:10 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4 which is vulnerable to CVE-2026-21860

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...

6.3CVSS5.8AI score0.00424EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/08 7:15 p.m.4 views

CVE-2026-21860

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present...

6.3CVSS0.00424EPSS
Exploits0References2
CVE
CVE
added 2025/12/30 9:3 p.m.60 views

CVE-2025-61594

The CVE concerns the URI Ruby module. In versions ≤0.12.4 (Ruby 3.2), ≤0.13.2 (Ruby 3.3), and ≤1.0.3 (Ruby 3.4), using the + operator to join URIs could leak passwords from the original URI, bypassing a prior fix for CVE-2025-27221 and exposing credentials. Mitigations are available in fixed rele...

7.5CVSS6.5AI score0.0051EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2022/03/22 10:23 a.m.3 views

mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join

A flaw was found in MariaDB. An issue in the component, Usedtablesandconstcache::usedtablesandconstcachejoin, of the MariaDB Server v10.7 allows attackers to cause a denial of service DoS via specially crafted SQL statements, impacting availability...

7.5CVSS7.4AI score0.01644EPSS
Exploits1References4
OSV
OSV
added 2021/04/14 7:15 a.m.6 views

UBUNTU-CVE-2020-36323

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...

8.2CVSS7.2AI score0.02025EPSS
Exploits0References4
OSV
OSV
added 2019/01/23 7:29 p.m.4 views

ALPINE-CVE-2019-6706

Lua 5.3.5 has a use-after-free in luaupvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships...

7.5CVSS7AI score0.17224EPSS
Exploits5References1
Rows per page
Query Builder