Lucene search
K

297 matches found

Github Security Blog
Github Security Blog
added 2026/04/30 5:27 p.m.30 views

Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)

Vulnerability Details CWE: CWE-20 - Improper Input Validation The metadata value sanitization introduced in v8.30.1 commit 405f106 only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString, which writes them as fmt.Fprintlne.stdin,...

10CVSS5.6AI score0.00611EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/04/17 10:32 p.m.2 views

Insecure Default Initialization of Resource

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via improper validation of the encryptKey configuration and blank callback tokens. An attacker can ga...

9.8CVSS5.8AI score0.00718EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 1:4 p.m.6 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package...

8.2CVSS5.8AI score0.00341EPSS
Exploits0Affected Software1
SUSE Linux
SUSE Linux
added 2026/04/15 1:36 p.m.5 views

Security update for bind

This update for bind fixes the following issues: Security issues: CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service bsc1260805. CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS bsc1260567. CVE-2026-3119: authenticated...

8.7CVSS5.8AI score0.01545EPSS
Exploits0References18
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:1 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography [CVE-2026-26007]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography, due to a condition where the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey...

8.2CVSS6.4AI score0.00341EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:32 p.m.23 views

CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 9:32 p.m.6 views

CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS5.8AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 9:32 p.m.14 views

CVE-2025-13914

CVE-2025-13914 concerns Juniper Networks Apstra SSH host key validation, described as a Key Exchange without Entity Authentication vulnerability. The issue enables an unauthenticated attacker to perform a man-in-the-middle attack on SSH connections from Apstra to managed devices, allowing imperso...

8.7CVSS5.9AI score0.00303EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:32 p.m.3 views

CVE-2025-13914

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS5.9AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31796

Name of the Vulnerable Software and Affected Versions Juniper Networks Apstra versions prior to 6.1.1 Description A Key Exchange without Entity Authentication issue exists in the SSH implementation of Juniper Networks Apstra. This allows an unauthenticated, man-in-the-middle MITM attacker to...

8.7CVSS5.8AI score0.00303EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/08 3:4 p.m.8 views

LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

Summary The webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected...

7.1CVSS6.2AI score0.00126EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/08 12:30 a.m.5 views

EUVD-2026-19969

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

7.5CVSS6AI score0.00981EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.9 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006830)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006830 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: do not free live element Pablo reports a crash with large batches of...

5.9CVSS6.8AI score0.01287EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/07 11:9 p.m.4 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the RSASVE encapsulation process. An attacker can obtain sensitive information by supplying an invalid RSA public key and triggering the use of uninitialized memory contents as...

8.2CVSS5.8AI score0.00981EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 10:16 p.m.6 views

DEBIAN-CVE-2026-31790

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

7.5CVSS8.1AI score0.00981EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/07 10:0 p.m.6 views

CVE-2026-31790

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

7.5CVSS6AI score0.00981EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 2:30 p.m.19 views

CVE-2026-35462 Papra Does Not Reject Expired API Keys

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...

4.3CVSS0.00239EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.8 views

Security Bulletin: There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-26007)

Summary There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes...

8.2CVSS5.9AI score0.00341EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 10:21 p.m.2 views

CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.0015EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:20 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3 which is vulnerable to CVE-2026-26007

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION...

8.2CVSS5.9AI score0.00341EPSS
Exploits0Affected Software1
Rows per page
Query Builder