Lucene search
K

297 matches found

Github Security Blog
Github Security Blog
added 2026/02/10 9:27 p.m.34 views

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Vulnerability Summary The publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an...

8.2CVSS5.6AI score0.00341EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.9 views

PT-2026-6658

Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.8.29 Description SandboxJS, a JavaScript sandboxing library, has a sandbox escape issue. This is due to a mismatch between the key used for validation and the key used for property access. The key, intended to be ...

10CVSS6.3AI score0.00489EPSS
Exploits1References15
OSV
OSV
added 2026/02/02 1:54 p.m.17 views

CLSA-2026-1770040438 kernel: Fix of 14 CVEs

efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 - libceph: fix potential use-after-free in havemonandosdmap CVE-2025-68285 - scsi: lpfc: Fix...

7.8CVSS6AI score0.00225EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/28 3:14 p.m.19 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS7AI score0.00319EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.7 views

RHEL 9 : kernel (RHSA-2026:1494)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1494 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mac80211: fix potential double...

7.8CVSS7.2AI score0.00319EPSS
Exploits0References28
RedHat Linux
RedHat Linux
added 2026/01/26 4:39 p.m.7 views

kernel: Linux kernel (openvswitch): Denial of Service and limited data exposure via improper key length validation

A flaw was found in the Linux kernel's openvswitch virtual environment. A local attacker with low privileges could exploit improper data and key length validation in the set action. This could lead to a denial of service, making the system unresponsive, and potentially result in limited informati...

7.8CVSS5.8AI score0.00179EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/26 2:32 p.m.13 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS6.8AI score0.00319EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2025/12/20 1:47 p.m.3 views

CVE-2025-7733 WP JobHunt <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'csupdateapplicationstatuscallback' due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS5.6AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.6 views

WordPress plugin HUSKY 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.3AI score0.00224EPSS
Exploits0References3
OSV
OSV
added 2025/12/01 8:38 p.m.5 views

BIT-FLUENT-BIT-2025-12978 CVE-2025-12978

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4CVSS7.1AI score0.00348EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/24 3:30 p.m.6 views

EUVD-2025-198807

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4CVSS6.6AI score0.00348EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 3:15 p.m.5 views

CVE-2025-12978

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4CVSS0.00348EPSS
Exploits0References1
OSV
OSV
added 2025/11/24 2:42 p.m.5 views

CVE-2025-12978 CVE-2025-12978

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4CVSS6.4AI score0.00348EPSS
Exploits0References3
CVE
CVE
added 2025/11/24 2:42 p.m.19 views

CVE-2025-12978

Fluent Bit’s input plugins in_http, in_splunk, and in_elasticsearch have a flaw in tag_key validation that does not enforce exact key-length matching. This lets crafted tag prefixes be treated as full matches, enabling a remote attacker with access to those endpoints to manipulate tags and redire...

5.4CVSS6.7AI score0.00348EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/24 2:42 p.m.4 views

CVE-2025-12978 CVE-2025-12978

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

6.7AI score0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/24 2:42 p.m.14 views

CVE-2025-12978 CVE-2025-12978

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

0.00348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.8 views

PT-2025-47924

Name of the Vulnerable Software and Affected Versions Fluent Bit in http, in splunk, and in elasticsearch input plugins affected versions not specified Description The input plugins in http, in splunk, and in elasticsearch within Fluent Bit have a flaw in how they validate the tag key. The...

5.4CVSS7AI score0.00348EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.7 views

Fluent Bit 安全漏洞

Fluent Bit is an open source log processing and analyzing system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit that stems from a flaw in the tagkey validation logic, which could cause logs to redirect to an unintended destination...

5.4CVSS6.7AI score0.00348EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.11 views

CVE-2025-12770

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

5.3CVSS5.7AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/19 6:31 a.m.8 views

EUVD-2025-198127

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

5.3CVSS5.3AI score0.00263EPSS
Exploits0References5
Rows per page
Query Builder