Lucene search
K

126601 matches found

OSV
OSV
added 2026/04/03 3:47 a.m.1 views

GHSA-2FR7-CC4F-WH98 OpenSTAManager: SQL Injection via Aggiornamenti Module

Description The Aggiornamenti Updates module in OpenSTAManager query'SET FOREIGNKEYCHECKS=0'; // Line 69: FK checks DISABLED $errors = ; $executed = 0; foreach $queries as $query try $dbo-query$query; // Line 76: DIRECT EXECUTION ++$executed; catch Exception $e $errors = $query.' - '.$e-getMessag...

8.8CVSS6.4AI score0.00668EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/03 3:47 a.m.12 views

OpenSTAManager: SQL Injection via Aggiornamenti Module

Description The Aggiornamenti Updates module in OpenSTAManager query'SET FOREIGNKEYCHECKS=0'; // Line 69: FK checks DISABLED $errors = ; $executed = 0; foreach $queries as $query try $dbo-query$query; // Line 76: DIRECT EXECUTION ++$executed; catch Exception $e $errors = $query.' - '.$e-getMessag...

8.8CVSS6.5AI score0.00668EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/03 3:28 a.m.15 views

Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

7.5CVSS6AI score0.00283EPSS
Exploits0References4Affected Software3
Snyk
Snyk
added 2026/04/03 3:28 a.m.5 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00283EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:28 a.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00283EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:28 a.m.4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00283EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:28 a.m.1 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00283EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:28 a.m.3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00283EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:28 a.m.3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 3:28 a.m.1 views

GHSA-78H2-9FRX-2JM8 Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

7.5CVSS6AI score0.00283EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30251

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors lim...

7.5CVSS5.9AI score0.00461EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30255

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history store.history...

5.3CVSS5.9AI score0.0052EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30275

Summary A Server Side Request Forgery SSRF vulnerability in download bytes from url allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions. This can be used to target...

5.4CVSS6.1AI score0.00246EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-25834

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. CVE-2026-25834 Note that Nessus relies on the presence of the package as reported by the vendo...

6.5CVSS5.7AI score0.00135EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30280

Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

7.5CVSS5.9AI score0.00244EPSS
Exploits2References6
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.4 views

Apple Live Caller ID Privacy Concerns

Apple's oblivious HTTP relay for Live Caller ID Lookup iOS 18+ routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint Yandex, and a Swiss GmbH whose privacy policy names "The Legal Entity to be...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30281

Commit ce53491 March 24 fixed command injection via system packages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/ internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates system packages directly into a shel...

7.8CVSS6.4AI score0.00315EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2026/04/03 12:0 a.m.5 views

SUSE: Security Advisory (SUSE-SU-2026:20923-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS5.9AI score0.00816EPSS
Exploits3References12
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-30254

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

4.9CVSS5.8AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30282

Summary The Dockerfile generation function generate containerfile in src/bentoml/ internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile template files. When a victim imports a malicious bento archive and runs...

8.8CVSS6.5AI score0.00392EPSS
Exploits1References4
Rows per page
Query Builder