Lucene search
K

811 matches found

Patchstack
Patchstack
added 2026/05/01 9:31 a.m.7 views

WordPress Mixed Media Gallery Blocks plugin <= 3.2.4.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin SimpLy Gallery versions = 3.2.4.4...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/30 6:20 p.m.7 views

Incorrect Authorization

Overview @clerk/nextjs is a Clerk SDK for NextJS Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single auth.protect or has call...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/30 6:20 p.m.4 views

Incorrect Authorization

Overview @clerk/shared is an Internal package utils used by the Clerk SDKs Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/29 12:0 a.m.7 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via improper handling of proxy authentication during redirects when distinct proxies are configured for different URL schemes. An attacker can obtain sensitive proxy credentials by intercepting traff...

8.2CVSS5.8AI score0.00639EPSS
Exploits1References2
OSV
OSV
added 2026/04/25 5:49 a.m.10 views

OESA-2026-2043 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

9.8CVSS6.8AI score0.01059EPSS
Exploits0References7
OSV
OSV
added 2026/04/25 5:49 a.m.10 views

OESA-2026-2042 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

9.8CVSS6.8AI score0.01059EPSS
Exploits0References7
OSV
OSV
added 2026/04/24 3:59 p.m.8 views

GHSA-V638-38FC-RHFV AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache

Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/24 12:19 a.m.10 views

EUVD-2026-25368

Kirby is an open-source content management system. Kirby's Xml::value method has special handling for blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...

6.9CVSS5.1AI score0.00346EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.7 views

SUSE CVE-2026-31484

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...

7.1CVSS5.6AI score0.00117EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/22 6:51 p.m.7 views

CVE-2026-31484

A flaw was found in the Linux kernel. A local user could potentially exploit an out-of-bounds read vulnerability in the iouring/fdinfo component, specifically within the iouringshowfdinfo function. This issue arises from an incorrect wrap check when processing 128-byte Submission Queue Entries SQ...

7.1CVSS5.7AI score0.00117EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24847

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...

5.6AI score0.00117EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 2:16 p.m.10 views

CVE-2026-31484

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...

7.1CVSS0.00117EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 1:54 p.m.3 views

CVE-2026-31484 io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...

7.1CVSS6.5AI score0.00117EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34389

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the io uring show fdinfo function. The issue occurs during the iteration over pending submission queue entries SQEs on an IORING SETUP SQE MIXED ring. Whe...

7.1CVSS5.2AI score0.00117EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.9 views

openSUSE 16 Security Update : Botan (openSUSE-SU-2026:20566-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20566-1 advisory. This update for Botan fixes the following issue: - CVE-2026-32884: Certificate validation bypass due to mixed-case Common Name in X.509 certificates...

5.9CVSS5.8AI score0.00158EPSS
Exploits0References3
NVD
NVD
added 2026/04/20 4:16 p.m.5 views

CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS0.00144EPSS
Exploits0References3
OSV
OSV
added 2026/04/20 8:27 a.m.6 views

OPENSUSE-SU-2026:20566-1 Security update for Botan

This update for Botan fixes the following issue: - CVE-2026-32884: Certificate validation bypass due to mixed-case Common Name in X.509 certificates bsc1261993...

5.9CVSS5.8AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

GNU C Library 安全漏洞

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library 2.43 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of the ungetwc function on character sets with...

7.5CVSS5.8AI score0.00345EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.9 views

PT-2026-33365

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...

7.6CVSS5.8AI score0.0011EPSS
Exploits1References5
OSV
OSV
added 2026/04/14 8:5 p.m.8 views

GHSA-4P64-V8F5-R2GX Multiple security fixes in justhtml

Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...

5.3CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder