Lucene search
K

101 matches found

NVD
NVD
added last week8 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added last week34 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52892

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...

7.2CVSS5.9AI score0.00278EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/15 5:27 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant...

6.9CVSS5.6AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 1:35 p.m.9 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/22 1:21 p.m.8 views

OESA-2026-2432 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/21 10:26 a.m.5 views

CLSA-2026-1779359157 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: Denial of service via quadratic attribute-name collision check in libexpat before 2.8.1 - debian/patches/CVE-2026-45186.patch: introduce per-element defaultAttsNames hash table and use it for O1 attribute collision detection in defineAttribute - CVE-2026-45186...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 9:49 a.m.6 views

CLSA-2026-1779184141 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 9:46 a.m.6 views

CLSA-2026-1779183996 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 9:42 a.m.9 views

CLSA-2026-1779183767 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 9:38 a.m.6 views

CLSA-2026-1779183482 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: denial of service via On^2 attribute name collision check with moderately sized crafted XML input - debian/patches/CVE-2026-45186.patch: replace linear scan in defineAttribute with O1 hash table lookup using new ELEMENTTYPE.defaultAttsNames field in expat/lib/xmlparse.c -...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 6:53 p.m.6 views

CLSA-2026-1779130424 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 6:36 p.m.5 views

CLSA-2026-1779129362 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 6:33 p.m.6 views

CLSA-2026-1779129222 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/18 5:35 p.m.12 views

Uncaught Exception

Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. A...

8.7CVSS5.8AI score0.00473EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/18 5:35 p.m.13 views

Uncaught Exception

Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. An attacker can...

8.7CVSS5.8AI score0.00473EPSS
Exploits1References2
OSV
OSV
added 2026/05/12 10:16 a.m.8 views

DEBIAN-CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/05/12 8:50 a.m.11 views

CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1
OSV
OSV
added 2026/05/10 7:16 a.m.5 views

ALPINE-CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.3AI score0.00428EPSS
Exploits1References1
NVD
NVD
added 2026/05/10 7:16 a.m.16 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS0.00428EPSS
Exploits1References11
Rows per page
Query Builder