Lucene search
+L

18 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Chromium

The incorrect security UI in the Browser UI of Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to display a missing URL or an incorrect URL through a crafted URL...

4.3CVSS6.8AI score0.01114EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/04/06 12:0 a.m.7 views

vLLM 代码问题漏洞

vLLM is an open-source solution designed for LLM-based models, featuring high throughput and memory-efficient reasoning and service engines. Versions of vLLM prior to 0.16.0 to 0.19.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of URL validation in the...

5.4CVSS5.9AI score0.00246EPSS
Exploits1References2
github
github
added 2026/04/01 11:21 p.m.8 views

PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summary passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

7.7CVSS5.9AI score0.00337EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/03/27 3:47 p.m.2 views

GHSA-89V5-38XR-9M4J Postiz has Multiple SSRF Vectors - Webhooks, RSS Feed, URL Loader

Summary Postiz has multiple SSRF vulnerabilities where user-provided URLs are fetched server-side without any IP validation or SSRF protection. Vulnerable Code 1. Webhook Send Endpoint Most Critical apps/backend/src/api/routes/webhooks.controller.ts lines 58-70: typescript async sendWebhook@Body...

7.8CVSS6AI score
Exploits0References5
attackerkb
attackerkb
added 2026/03/24 7:53 a.m.4 views

CVE-2026-32642

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.0047EPSS
Exploits0References2Affected Software2
attackerkb
attackerkb
added 2026/03/18 11:11 p.m.2 views

CVE-2026-32255

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS5.8AI score0.10069EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003132)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003132 advisory. A missing address check in the callers of the showopcodes in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the...

7CVSS7.2AI score0.00528EPSS
Exploits1References9
cnvd
cnvd
added 2024/12/04 12:0 a.m.12 views

Unspecified Vulnerability in Mozilla Firefox (CNVD-2024-48568)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from the fact that under certain circumstances, navigating to a web page can result in a missing address in the location URL bar. No...

5.4CVSS5.3AI score0.00294EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2024/11/06 12:0 a.m.6 views

The vulnerability of the handle_mmio() function in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the handlemmio function in the arch/x86/coco/tdx/tdx.c module of the Linux operating system’s kernel is related to the lack of address validation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

7.8CVSS7.2AI score0.00247EPSS
Exploits0References18Affected Software6
redhat
redhat
added 2022/10/18 9:6 a.m.7 views

nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets

A flaw was found in the got package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket...

5.3CVSS7.1AI score0.01855EPSS
Exploits0References6
cnnvd
cnnvd
added 2021/09/07 12:0 a.m.3 views

0xRACER 输入验证错误漏洞

0xRACER is a new team-based pool lottery game. 0xRACER is vulnerable to an input validation error stemming from a lack of target address validation in the destroycontract function of 0xRACER version 1.0, which could be exploited by an attacker to steal a token from a victim user via a carefully...

7.5CVSS5.6AI score0.01173EPSS
Exploits1References2
redhat
redhat
added 2021/03/25 1:41 p.m.3 views

Mozilla: Malicious extensions could have spoofed popup information

The Mozilla Foundation Security Advisory describes this issue as: A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website...

6.5CVSS7.3AI score0.01113EPSS
Exploits0References5
redhat
redhat
added 2021/03/25 12:56 p.m.4 views

Mozilla: Malicious extensions could have spoofed popup information

The Mozilla Foundation Security Advisory describes this issue as: A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website...

6.5CVSS7.3AI score0.01113EPSS
Exploits0References5
redhat
redhat
added 2021/03/25 12:39 p.m.2 views

Mozilla: Malicious extensions could have spoofed popup information

The Mozilla Foundation Security Advisory describes this issue as: A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website...

6.5CVSS7.3AI score0.01113EPSS
Exploits0References5
redhat
redhat
added 2021/03/25 12:24 p.m.2 views

Mozilla: Malicious extensions could have spoofed popup information

The Mozilla Foundation Security Advisory describes this issue as: A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website...

6.5CVSS7.3AI score0.01113EPSS
Exploits0References5
zdt
zdt
added 2018/09/18 12:0 a.m.28 views

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler

Exploit for linux platform in category dos / poc There is a missing address check in both showopcodes callers. showopcodes is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception; however, sometimes it is also used to print...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2018/09/13 12:0 a.m.15 views

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler There is a missing address check in both showopcodes callers. showopcodes is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception;...

1AI score
Exploits0
openvas
openvas
added 2015/04/21 12:0 a.m.27 views

Google Chrome Multiple Vulnerabilities-02 (Apr 2015) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

7.5CVSS6.5AI score0.02702EPSS
Exploits4References5
Rows per page
Query Builder