Lucene search
+L

257 matches found

NVD
NVD
added yesterday7 views

CVE-2026-7189

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...

7.5CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-7189

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...

7.5CVSS5.2AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-7189

CVE-2026-7189 affects Proliz OBS prior to v3.6.0. The issue is an insertion of sensitive information into sent data caused by functionality not being properly constrained by ACLs, enabling a network-remote impact with high confidentiality risk and low integrity impact. Affected component: Proliz ...

7.5CVSS5.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-7189 Sensitive Data Exposure in Proliz's OBS

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:54 p.m.36 views

CVE-2026-56004 obs-service-tar_scm: command injection via mercurial handler

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS0.00375EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 2:54 p.m.5 views

CVE-2026-56004 obs-service-tar_scm: command injection via mercurial handler

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS6.1AI score0.00375EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55256

Name of the Vulnerable Software and Affected Versions obs tar scm source service versions prior to 0.12.4 Description A shellcode injection exists in the mercurial handler of the source service. Attackers who can provide a crafted service file can execute arbitrary code as the source service or t...

10CVSS6.2AI score0.00375EPSS
Exploits0References6
OSV
OSV
added 2026/05/20 11:2 p.m.10 views

MAL-2026-4201 Malicious code in obs-migrate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ecb04d891693e925c9055e0b5c5844ebb6cf8c210000e9905bf892ab7d0674d7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
EUVD
EUVD
added 2026/04/02 8:31 p.m.4 views

EUVD-2026-18417

Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 5:10 p.m.21 views

CVE-2026-26962 Rack: Header injection in multipart requests

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

4.8CVSS0.00227EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/02 5:10 p.m.4 views

CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

6.5CVSS5.2AI score0.00227EPSS
Exploits0
OSV
OSV
added 2026/04/02 5:10 p.m.2 views

CVE-2026-26962 Rack: Header injection in multipart requests

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29923

Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29841

Name of the Vulnerable Software and Affected Versions Rack versions 3.2.0 through 3.2.5 Description Rack’s Rack::Multipart::Parser incorrectly unfolds folded multipart part headers. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values...

7.5CVSS5.7AI score0.0043EPSS
Exploits0References47
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/30 12:0 a.m.10 views

Security update for obs-service-recompress, obs-service-tar_scm (moderate)

openSUSE Security Update: Security update for obs-service-recompress, obs-service-tarscm Announcement ID: openSUSE-SU-2026:0109-1 Rating: moderate References: 1076410 1082696 1105361 1107507 1107944 1127353 1127907 1138377 1168573 1212476 1216361 927120 967265 Cross-References: CVE-2018-12473...

9.8CVSS7AI score0.01817EPSS
Exploits0References13
Fedora
Fedora
added 2026/03/28 12:19 a.m.9 views

[SECURITY] Fedora 44 Update: rust-reqsign-huaweicloud-obs-3.0.0-1.fc44

Huawei Cloud OBS signing implementation for reqsign...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.12 views

openSUSE 16 Security Update : osc, obs-scm-bridge (openSUSE-SU-2026:20361-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20361-1 advisory. Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching paren...

7.3CVSS6AI score0.00209EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/14 12:0 a.m.10 views

Security update for osc, obs-scm-bridge (moderate)

openSUSE security update: security update for osc, obs-scm-bridge ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20361-1 Rating: moderate References: bsc1230469 bsc1247410 Cross-References: CVE-2024-22038 CVSS scores: CVE-2024-22038 SUSE : 7.3...

7.3CVSS6AI score0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/18 8:21 a.m.11 views

CVE-2025-14347

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS.This issue affects OBS Student Affairs Information System0: before 26.5009...

6.3CVSS6.4AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 9:15 a.m.8 views

CVE-2025-14347

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS. This issue affects OBS Student Affairs Information System0: before 26.5009...

6.3CVSS0.00178EPSS
Exploits0References2
Rows per page
Query Builder