Lucene search
K

3903 matches found

SUSE CVE
SUSE CVE
added 2026/03/26 2:43 p.m.5 views

SUSE CVE-2026-23398

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...

5.9CVSS5.8AI score0.00114EPSS
Exploits2References19
UbuntuCve
UbuntuCve
added 2026/03/26 11:16 a.m.6 views

CVE-2026-23398

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...

5.5CVSS5.7AI score0.00114EPSS
Exploits2References8
Vulnrichment
Vulnrichment
added 2026/03/25 11:40 p.m.6 views

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

6.1CVSS5.9AI score0.00271EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/25 11:40 p.m.2 views

EUVD-2026-16040

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

6.1CVSS5.9AI score0.00271EPSS
Exploits1References4
OSV
OSV
added 2026/03/25 11:40 p.m.3 views

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

6.1CVSS6AI score0.00271EPSS
Exploits1References6
NVD
NVD
added 2026/03/25 7:16 p.m.4 views

CVE-2026-33720

n8n is an open source workflow automation platform. Prior to version 2.8.0, when the N8NSKIPAUTHONOAUTHCALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an...

6.3CVSS0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 6:6 p.m.7 views

CVE-2026-33720

n8n is an open source workflow automation platform. Prior to version 2.8.0, when the N8NSKIPAUTHONOAUTHCALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 10:27 a.m.4 views

CVE-2026-23327

In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxlpayloadfromuserallowed cxlpayloadfromuserallowed casts and dereferences the input payload without first verifying its size. When a raw mailbox command is sent with a...

7.1CVSS5.3AI score0.00124EPSS
Exploits0
Rosalinux
Rosalinux
added 2026/03/22 9:2 p.m.7 views

Advisory ROSA-SA-2026-3235

software: expat 2.7.4 OS: ROSA-CHROME unaffected versions = expat-2.7.4-1 affected versions expat-2.7.4-1 CVE-ID: CVE-2026-24515 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In libexpat before 2.7.4, the XMLExternalEntityParserCreate function does not copy custom handler data of unknown encoding...

2.9CVSS7AI score0.0017EPSS
Exploits0
Rosalinux
Rosalinux
added 2026/03/22 6:39 p.m.8 views

Advisory ROSA-SA-2026-3224

software: tpm2-tools 5.5.1 OS: ROSA-CHROME unaffected versions = tpm2-tools-5.5.1-1 affected versions tpm2-tools-5.5.1-1 CVE-ID: CVE-2024-29039 BDU-ID: 2025-16174 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the tpm2 checkquote component of the Trusted Platform Module tpm2-tools repository fo...

9CVSS6.4AI score0.00984EPSS
Exploits1
Snyk
Snyk
added 2026/03/20 8:45 p.m.5 views

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the watch parameter in LiveQuery subscriptions targeting protected fields. An attacker can infer...

6.3CVSS5.8AI score0.00316EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 5:26 p.m.4 views

GHSA-46FP-8F5P-PF2M Improper detection of disallowed URIs by Loofah `allowed_uri?`

Summary Loofah::HTML5::Scrub.alloweduri? does not correctly reject javascript: URIs when the scheme is split by HTML entity-encoded control characters such as carriage return, line feed, or tab. Details The alloweduri? method strips literal control characters before decoding HTML entities. Payloa...

6.9CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 3:3 a.m.6 views

CVE-2026-31898 jsPDF has a PDF Object Injection via FreeText color

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

8.1CVSS6AI score0.00356EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26200

Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...

8.7CVSS6AI score0.00514EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/16 4:7 p.m.23 views

CVE-2026-4270 AWS API MCP File Access Restriction Bypass

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8CVSS0.00131EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 12:6 a.m.2 views

Malicious Package

Overview spectral-corsair-my-backdoor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2026-1554)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS5.8AI score0.00129EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1487)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS5.8AI score0.015EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.5 views

OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions

Summary In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...

5.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder