Lucene search
K

2430 matches found

CVE
CVE
added 2026/05/04 5:37 p.m.21 views

CVE-2026-42140

The CVE covers the PlantUML Macro used in XWiki, where the vulnerability lies in the server parameter not being validated. Prior to version 2.4.1, an attacker can supply an arbitrary URL (including internal addresses) to the server parameter, causing the XWiki server to attempt to connect for ren...

4.4CVSS5.8AI score0.00151EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/04 5:37 p.m.37 views

CVE-2026-42140 Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

4.4CVSS0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36886

Name of the Vulnerable Software and Affected Versions PlantUML Macro versions prior to 2.4.1 Description PlantUML Macro, used for rendering UML diagrams from textual schemes, contains a Server-Side Request Forgery SSRF flaw. The application fails to validate the URL provided through the server...

4.4CVSS5.8AI score0.00151EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

PlantUML Macro 代码问题漏洞

PlantUML Macro is an open-source tool developed by XWiki Contrib that generates chart images from textual definitions. Versions of PlantUML Macro prior to 2.4.1 had code vulnerabilities; these vulnerabilities stemmed from the lack of validation of the URLs provided by server parameters, which cou...

4.4CVSS5.9AI score0.00151EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. - jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin SECURITY-1322 CVE-2019-10320 -...

9.9CVSS5.8AI score0.01999EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/01 2:14 p.m.27 views

CVE-2026-31756 usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...

0.00095EPSS
Exploits0References7
OSV
OSV
added 2026/04/27 1:45 p.m.12 views

JLSEC-2026-201

A stack-use-after-scope issue discovered in expandmmacparams function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file...

5.5CVSS5.3AI score0.00382EPSS
Exploits1References2
NVD
NVD
added 2026/04/22 8:16 p.m.9 views

CVE-2026-34065

nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...

7.5CVSS0.00372EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 7:45 p.m.33 views

CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals

nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...

7.5CVSS0.00372EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 p.m.6 views

CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals

nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...

7.5CVSS5.7AI score0.00372EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 p.m.4 views

CVE-2026-34065

nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...

7.5CVSS5.7AI score0.00372EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/22 7:45 p.m.24 views

CVE-2026-34065

CVE-2026-34065 affects nimiq-primitives in Nimiq’s Rust implementation. Before version 1.3.0, an untrusted p2p peer could cause a node to panic by announcing an election macro block whose validators set includes an invalid compressed BLS voting key. Hashing the election macro header hashes the va...

7.5CVSS5.7AI score0.00372EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 7:19 p.m.11 views

nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals

Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::votingkeys, which calls validator.votingkey.uncompress.unwrap...

7.5CVSS5.8AI score0.00372EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/22 7:19 p.m.3 views

GHSA-7C4J-2M43-2MGH nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals

Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::votingkeys, which calls validator.votingkey.uncompress.unwrap...

7.5CVSS5.8AI score0.00372EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/22 7:19 p.m.3 views

EUVD-2026-25062

nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals...

7.5CVSS5.7AI score0.00372EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.11 views

PT-2026-34546

Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::voting keys, which calls validator.voting key.uncompress.unwr...

7.5CVSS5.8AI score0.00372EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34383

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb2 calc max out buf len function used a hardcoded magic number for the hdr2 len argument instead of the correct offset of the Buffer field...

9.8CVSS8AI score0.00502EPSS
Exploits0
OSV
OSV
added 2026/04/17 3:8 p.m.8 views

CLSA-2026-1776438517 gstreamer1-plugins-bad-free: Fix of CVE-2026-3082

CVE-2026-3082: fix heap-based buffer overflow in JPEG parser READBYTES macro by adding sizeofbuf bounds check...

7.8CVSS7.3AI score0.00787EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/16 11:42 p.m.10 views

[SECURITY] Fedora 44 Update: kf6-kcoreaddons-6.25.0-1.fc44

KCoreAddons provides classes built on top of QtCore to perform various tasks such as manipulating mime types, autosaving files, creating backup files, generating random sequences, performing text manipulations such as macro replacement, accessing user information and many more...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/04/14 8:37 p.m.22 views

CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on th...

8.8CVSS0.01398EPSS
Exploits0References3
Rows per page
Query Builder