Lucene search
K

682 matches found

CNNVD
CNNVD
added 2026/04/29 12:0 a.m.8 views

MyBB Recent threads 跨站脚本漏洞

MyBB Recent threads is a plugin provided by MyBB Corporation that displays the latest topic lists on forums. Version 17.0 of MyBB Recent threads contains a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting, allowing attackers to inject malicious...

7.2CVSS5.9AI score0.00261EPSS
Exploits1References1
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35343

The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is specified as the delimiter. The implementation fails to verify the onlydelimited flag in the cutfieldsnewlinechardelim function, causing the utility to print non-delimited lines that...

3.3CVSS0.00135EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.6 views

CVE-2026-35343 uutils coreutils cut Inconsistent Output Suppression with Newline Delimiters

The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is specified as the delimiter. The implementation fails to verify the onlydelimited flag in the cutfieldsnewlinechardelim function, causing the utility to print non-delimited lines that...

3.3CVSS5.8AI score0.00135EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013579 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the...

5.5AI score0.00175EPSS
Exploits0References4
Schneier on Security
Schneier on Security
added 2026/04/15 10:47 a.m.9 views

Defense in Depth, Medieval Style

This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 15­-20 meters wide and up to 7 meters deep. A low breastwork, about 2 meters high, enabling defenders...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/14 11:38 a.m.12 views

Malicious Package

Overview tailwind-lines-clamp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/14 11:38 a.m.5 views

Malicious code in tailwind-lines-clamp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d3d215fb943fe734ea49a73d1d0f503c465c829b5f5b5327ca3d83eaa0e377a The package tailwind-lines-clamp was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/14 11:38 a.m.4 views

MAL-2026-2655 Malicious code in tailwind-lines-clamp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d3d215fb943fe734ea49a73d1d0f503c465c829b5f5b5327ca3d83eaa0e377a The package tailwind-lines-clamp was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
CVE
CVE
added 2026/04/08 8:5 p.m.25 views

CVE-2026-39414

CVE-2026-39414 affects MinIO’s S3 Select CSV parsing. The CSV reader’s nextSplit() calls ReadBytes('\n') without a size limit, causing unbounded buffering and memory exhaustion (OOM) when processing long lines; a file with no newline can trigger a single large allocation. This can be exploited by...

7.1CVSS5.8AI score0.00485EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-31016

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.36.0 through 1.40.0 Description The OpenTelemetry-Go implementation is susceptible to a remote request amplification issue due to the way it handles multi-value baggage headers. Specifically, the extractMultiBaggage...

9.8CVSS6AI score0.00868EPSS
Exploits1References429
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from a flaw that allowed attackers to hide security labels for...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.3 views

PT-2026-28496

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.17 Description OpenClaw creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. An attacker with local access can read these transcript...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.3 views

CVE-2026-33268

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...

6.9CVSS5.8AI score0.0034EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 9:3 p.m.3 views

GHSA-V3RJ-XJV7-4JMQ smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...

5.3CVSS6.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/25 9:3 p.m.7 views

smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...

6.1AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/25 3:16 p.m.4 views

CVE-2026-33268

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...

6.9CVSS0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 2:21 p.m.4 views

CVE-2026-33268

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...

6.9CVSS5.8AI score0.0034EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 2:21 p.m.2 views

CVE-2026-33268 Nanoleaf Lines unauthenticated firmware file store

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...

6.9CVSS5.8AI score0.0034EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/25 2:21 p.m.25 views

CVE-2026-33268 Nanoleaf Lines unauthenticated firmware file store

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...

6.9CVSS0.0034EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 2:21 p.m.15 views

CVE-2026-33268

Nanoleaf Lines (firmware 12.3.2) is affected by CVE-2026-33268 due to unauthenticated firmware uploads, allowing a remote attacker to upload firmware and consume storage resources. The issue is network-accessible with no required privileges and could impact availability and, to a lesser extent, i...

6.9CVSS5.8AI score0.0034EPSS
Exploits0References3
Rows per page
Query Builder