
101 matches found

Positive Technologies
added 2026/06/10 12:0 a.m. | 12 views

PT-2026-48467

Name of the Vulnerable Software and Affected Versions: Erlang/OTP versions 26.0 through 29.0.1; Erlang/OTP version 28.5.0.1 and earlier; Erlang/OTP version 27.3.4.12 and earlier; ssl versions 11.0 through 11.7.1; ssl version 11.6.0.1 and earlier; ssl version 11.2.12.8 and earlier. Description: An issue i...

7.5 CVSS | 6 AI score | 0.00194 EPSS
Exploits 0 | References 11

RedhatCVE
added 2026/05/26 9:29 p.m. | 12 views

CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to...

7.1 CVSS | 5.8 AI score | 0.00354 EPSS
Exploits 0 | References 3

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: virtiofs: added a check for the filesystem context source name. In certain scenarios, for example during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an additional check for the source...

5.5 CVSS | 6.1 AI score | 0.00164 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the solaris_zone module from the Ansible Community modules. When setting the name of the zone on the Solaris host, the zone name is checked by listing the process with the ‘ps’ command on the remote machine. An attacker could exploit this flaw by creating a malicious zone...

7.3 CVSS | 7.3 AI score | 0.00418 EPSS
Exploits 0 | References 1

CNNVD
added 2026/05/01 12:0 a.m. | 8 views

Apache MINA Code Issue Vulnerability

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

9.8 CVSS | 6.9 AI score | 0.00902 EPSS
Exploits 1 | References 1

Positive Technologies
added 2026/04/17 12:0 a.m. | 5 views

PT-2026-33466

Name of the Vulnerable Software and Affected Versions: ByteDance DeerFlow versions prior to commit 2176b2b. Description: An issue exists in bootstrap-mode custom-agent creation where the validation of the agent name is bypassed. This allows attackers to use absolute paths or traversal-style values a...

9.1 CVSS | 5.9 AI score | 0.00356 EPSS
Exploits 0 | References 7

OSV
added 2026/03/26 8:4 p.m. | 5 views

CVE-2026-33644 Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check (line 86-89) only activates when the hostname is an IP address. When a domain name is used, filter_var($host,...

2.3 CVSS | 5.9 AI score | 0.00217 EPSS
Exploits 1 | References 4

ATTACKERKB
added 2026/03/13 8:48 p.m. | 7 views

CVE-2026-32627

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

8.7 CVSS | 5.6 AI score | 0.00179 EPSS
Exploits 1 | References 2 | Affected Software 1

Hewlett-Packard
added 2026/03/02 12:0 a.m. | 15 views

SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate. Service...

8.2 CVSS | 5.9 AI score | 0.00098 EPSS
Exploits 0 | Affected Software 3

Tenable Nessus
added 2026/01/22 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-37773)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37773 advisory. - In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source...

5.5 CVSS | 6.7 AI score | 0.00164 EPSS
Exploits 0 | References 2

OSV
added 2026/01/21 4:13 p.m. | 6 views

GHSA-FQCV-8859-86X2 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

SQL Injection in CustomerTransformerController. Summary: An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...

6.9 CVSS | 6.2 AI score | 0.00381 EPSS
Exploits 0 | References 5

Github Security Blog
added 2026/01/21 4:13 p.m. | 9 views

CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

SQL Injection in CustomerTransformerController. Summary: An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...

6.9 CVSS | 6.2 AI score | 0.00381 EPSS
Exploits 0 | References 5 | Affected Software 1

Positive Technologies
added 2026/01/21 12:0 a.m. | 7 views

PT-2026-3891

Name of the Vulnerable Software and Affected Versions: CoreShop versions prior to 4.1.9. Description: An error-based SQL Injection issue exists in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly incorporates user-supplied input into a SQL query,...

6.9 CVSS | 5.9 AI score | 0.00381 EPSS
Exploits 0 | References 6

OSV
added 2025/12/11 6:35 p.m. | 6 views

CLSA-2025-1765478108 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

5.5 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits 2 | References 1

OSV
added 2025/12/09 5:25 p.m. | 6 views

CLSA-2025-1765289777 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

5.5 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits 2 | References 1

Positive Technologies
added 2025/11/28 12:0 a.m. | 7 views

PT-2025-48316

Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.5.24. Description: The software contains flawed logic when validating uploaded files, specifically concerning the tmp_name parameter. This issue resides in the app/Controller/EventsController.php file. Recommendations...

8.2 CVSS | 6.6 AI score | 0.00315 EPSS
Exploits 0 | References 8

CVE
added 2025/11/28 12:0 a.m. | 25 views

CVE-2025-66384

CVE-2025-66384 affects MISP before v2.5.24. The vulnerability is due to flawed logic in app/Controller/EventsController.php when validating uploaded files, related to tmp_name. Impact is partial and includes high integrity impact per the CVSS data; exploitation details are not provided in the con...

8.2 CVSS | 6.5 AI score | 0.00315 EPSS
Exploits 0 | References 2

OSV
added 2025/11/26 3:52 p.m. | 2 views

SUSE-SU-2025:4264-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest (bsc#1225905) - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick (bsc#1230930) - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 (bsc#1232440) - CVE-2025-24294: Fixed denial...

8.7 CVSS | 7 AI score | 0.01429 EPSS
Exploits 0 | References 18

AstraLinux
added 2025/11/01 10:54 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name. The commit 96ffcdf239de “PM / devfreq: Remove redundant governor_name from struct devfreq” removes governor_name and uses governor->name to replace it. However, devfreq->governo...

5.5 CVSS | 5.8 AI score | 0.00146 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-1429

Malware in sbrugna...

7.8 CVSS | 7.7 AI score | 0.03235 EPSS
Exploits 1 | References 14