Lucene search
+L

697 matches found

osv
osv
added 2026/03/18 6:16 a.m.9 views

UBUNTU-CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/03/18 5:18 a.m.2 views

CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References4Affected Software1
ubuntu
ubuntu
added 2026/03/16 10:15 p.m.15 views

USN-8101-1: Vim vulnerabilities

Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. An attacker could possibly use this issue to cause a denial of service. CVE-2026-25749 It was discovered that Vim did not correctly handle processing certain specialKey commands. An attacker could possibly use thi...

7.8CVSS6AI score0.01162EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/03/14 12:0 a.m.8 views

PT-2026-25844

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.2 Description Glances, a system cross-platform monitoring tool, has an issue where the web server runs without authentication by default when started with glances -w. This exposes a REST API containing sensitive...

8.7CVSS5.9AI score0.0155EPSS
Exploits1References28
snyk
snyk
added 2026/03/03 9:52 p.m.4 views

Arbitrary Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Command Injection via the renderEnvLines process. An attacker can execute arbitrary commands with the privileges of the gateway service user by injecting newline characters and...

8.6CVSS6AI score0.01075EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/03/03 8:28 p.m.2 views

CVE-2026-1713 IBM MQ is affected by an authority vulnerablility

IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD...

5.9AI score0.00114EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/02/27 10:2 p.m.3 views

CVE-2026-28419

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...

6.6CVSS6AI score0.00168EPSS
Exploits0References4
snyk
snyk
added 2026/02/25 6:17 a.m.3 views

Cross-site Scripting (XSS)

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Cross-site Scripting XSS in the pygmentizelines function. An attacker who can can submit events to a Bugsink project and convince a user to interact in the web UI with a stacktrace containing a...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References2
osv
osv
added 2026/01/30 3:41 p.m.7 views

CLEANSTART-2026-IA37596 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the consul-k8s-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00778EPSS
Exploits0References8
osv
osv
added 2026/01/29 7:16 p.m.8 views

CVE-2025-15542

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

5.3CVSS5.8AI score0.00252EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/01/29 6:6 p.m.4 views

CVE-2025-15542

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

6.3CVSS5.9AI score0.00252EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/01/29 12:0 a.m.7 views

PT-2026-5321

Name of the Vulnerable Software and Affected Versions VX800v version 1.0 Description A flaw exists in the handling of exceptional conditions during SIP processing. An attacker can send specially crafted INVITE messages to flood the device, leading to a denial of service by blocking all voice line...

6.3CVSS5.9AI score0.00252EPSS
Exploits0References5
cvelist
cvelist
added 2026/01/27 1:43 p.m.33 views

CVE-2026-1485 Glib: glib: local denial of service via buffer underflow in content type parsing

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access...

2.8CVSS0.00139EPSS
Exploits1References3
broadcom
broadcom
added 2026/01/27 12:0 a.m.18 views

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service

CVE-2019-9704 Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked. CVE-2019-9705 Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of...

5.5CVSS5.9AI score0.00354EPSS
Exploits0
nodejsblog
nodejsblog
added 2026/01/13 12:0 a.m.26 views

Tuesday, January 13, 2026 Security Releases

Tuesday, January 13, 2026 Security Releases Security releases available Updates are now available for the 25.x, 24.x, 22.x, and 20.x Node.js release lines to address: 3 high severity issues. 4 medium severity issues. 1 low severity issue. This security release includes the following dependency...

10CVSS7.2AI score0.03782EPSS
Exploits3
redhatcve
redhatcve
added 2026/01/09 10:15 a.m.8 views

CVE-2019-2245

Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

10CVSS7.5AI score0.00988EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/01/07 12:0 a.m.5 views

Python Site-Specific Hook Persistence

This Metasploit module leverages Python's startup mechanism, where some files can be automatically processed during the initialization of the Python interpreter. One of those files are startup hooks site-specific, dist-packages. If these files are present in site-specific or dist-packages...

6.9AI score
Exploits0
euvd
euvd
added 2026/01/06 3:21 a.m.7 views

EUVD-2026-1093

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash function due to use of a hardcoded fall-back salt. This makes it possible for...

6.5CVSS5.4AI score0.00182EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/12/27 10:52 p.m.1 views

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9CVSS6.6AI score0.00104EPSS
Exploits0References3
cve
cve
added 2025/12/27 10:52 p.m.507 views

CVE-2025-68972

CVE-2025-68972 affects GnuPG/gnupg2 <= 2.4.8, where a signed message ending a plaintext line with the form feed (\f) can allow an adversary to craft a modified message that still passes signature verification, with an “invalid armor” message printed during verification. Connected advisories in...

5.9CVSS6.6AI score0.00104EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder