Lucene search
K

126701 matches found

UbuntuCve
UbuntuCve
added 2026/03/31 8:16 p.m.3 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 8:16 p.m.5 views

UBUNTU-CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/03/31 7:50 p.m.7 views

K000160560: OpenSSL vulnerability CVE-2025-69420

Security Advisory Description Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Respons...

7.5CVSS5.9AI score0.00768EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2026/03/31 7:40 p.m.5 views

Asking AI for personal advice is a bad idea, Stanford study shows

Stanford computer scientists just proved what therapists already suspected: AI chatbots will agree with almost anything you say to keep you happy. The researchers caught these systems validating dangerous decisions just to maintain user engagement. That's a worrying development, especially given...

5.9AI score
Exploits0
F5 Networks
F5 Networks
added 2026/03/31 7:20 p.m.8 views

K000160559: BIND vulnerability CVE-2026-3104

Security Advisory Description A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.4...

7.5CVSS5.9AI score0.00698EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/03/31 7:19 p.m.6 views

K000160558: OpenSSL vulnerability CVE-2025-69419

Security Advisory Description Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write ca...

7.4CVSS6AI score0.00444EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/31 7:18 p.m.20 views

CVE-2026-2950 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS0.00317EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/31 7:18 p.m.5 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.3AI score0.00317EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:18 p.m.6 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

7.9CVSS5.9AI score0.01535EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/03/31 7:18 p.m.53 views

CVE-2026-2950

CVE-2026-2950 affects lodash ≤ 4.17.23, enabling prototype pollution via array-wrapped path segments in _.unset and _.omit. The attack can delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) without overwriting behavior. The issue is patched in lodash...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1Affected Software4
Vulnrichment
Vulnrichment
added 2026/03/31 7:18 p.m.0 views

CVE-2026-2950 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/03/31 7:14 p.m.6 views

K000160557: OpenSSL vulnerability CVE-2025-69418

Security Advisory Description Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...

4CVSS5.8AI score0.00115EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/03/31 7:6 p.m.6 views

K000160556: OpenSSL vulnerability CVE-2026-22796

Security Advisory Description Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data...

5.3CVSS5.9AI score0.00502EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/03/31 7:2 p.m.5 views

K000160555: OpenSSL vulnerability CVE-2026-22795

Security Advisory Description Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting ...

5.5CVSS5.8AI score0.00144EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/03/31 6:57 p.m.6 views

K000160554: OpenSSL vulnerability CVE-2025-69421

Security Advisory Description Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files...

7.5CVSS6.2AI score0.00844EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/03/31 6:52 p.m.6 views

K000160552: OpenSSL vulnerability CVE-2025-68160

Security Advisory Description Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typicall...

4.7CVSS6.4AI score0.00152EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/03/31 6:49 p.m.6 views

K000160551: OpenSSL vulnerability CVE-2025-66199

Security Advisory Description Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of ...

5.9CVSS6.8AI score0.00403EPSS
Exploits1
NVD
NVD
added 2026/03/31 6:16 p.m.16 views

CVE-2025-62184

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8CVSS0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 5:52 p.m.3 views

EUVD-2025-209147

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8CVSS5.9AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 5:52 p.m.27 views

CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8CVSS0.00258EPSS
Exploits0References1
Rows per page
Query Builder