Lucene search
K

19531 matches found

OSV
OSV
added 2026/06/23 5:16 p.m.4 views

UBUNTU-CVE-2025-61025

An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:16 p.m.3 views

UBUNTU-CVE-2025-61019

An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 4:8 p.m.3 views

Security Bulletin: DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component

Summary Langflow OSS contains DNS rebinding TOCTOU vulnerability bypassing SSRF protection. URL component validates URLs with validateurlforssrf but fetches via RecursiveUrlLoader performing independent DNS resolution, creating exploitable TOCTOU window. Maintainers fixed identical issue in...

7.1CVSS5.8AI score0.00146EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/23 3:45 p.m.9 views

EUVD-2026-38476

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

8.9CVSS6AI score0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:33 p.m.5 views

CVE-2026-54314

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public...

6.3CVSS5.9AI score0.00375EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/23 3:31 p.m.6 views

EUVD-2026-38459

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References1
Filippo.io
Filippo.io
added 2026/06/23 1:0 p.m.18 views

Vulnerability Reports Are Not Special Anymore

A requirement for staying sane while working in public as an open source maintainer is realizing that every issue, PR, and piece of feedback is a present, not an obligation. You can accept it, ignore it, and use it partially or not at all. Except… For years, as lead of the Go Security team at the...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.5 views

CVE-2025-61018

An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 12:0 a.m.32 views

CVE-2025-61023

An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

0.00482EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 12:0 a.m.8 views

CVE-2025-61029

CVE-2025-61029 describes a DoS in the sqlo_untry component of openlink virtuoso-opensource (v7.2.11). The issue arises from handling crafted SQL statements in that component, enabling an attacker to disrupt service. Connected sources confirm the affected product/version and impact (Denial of Serv...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 12:0 a.m.14 views

CVE-2025-61023

The CVE-2025-61023 entry concerns openlink virtuoso-opensource, specifically the st_compare component in version 7.2.11. Multiple connected sources confirm that a flaw in st_compare can be exploited by sending crafted SQL statements, resulting in a Denial of Service (DoS) that can render the serv...

7.5CVSS5.9AI score0.00482EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 12:0 a.m.6 views

CVE-2025-61021

The CVE-2025-61021 entry concerns openlink virtuoso-opensource v7.2.11, specifically the sqlo_natural_join_cond component. The issue enables Denial of Service via crafted SQL statements. Public details across connected documents confirm the affected product/version and the root cause (sqlo_natura...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51540

Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the sqlo natural join cond component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:0 a.m.4 views

CVE-2025-61019

An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:0 a.m.31 views

CVE-2025-61019

An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 12:0 a.m.31 views

CVE-2025-61021

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

0.0035EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 12:0 a.m.12 views

CVE-2025-61022

The vulnerability CVE-2025-61022 affects OpenLink Virtuoso Open-Source (v7.2.11) in the sqlo_tb_col_preds component. It allows an attacker to cause a Denial of Service via crafted SQL statements. Public references in the connected documents confirm the DoS impact, but there are no details about e...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 12:0 a.m.8 views

CVE-2025-61025

CVE-2025-61025 affects openlink virtuoso-opensource 7.2.11, specifically the sslr_qst_get component. The issue allows a Denial of Service via crafted SQL statements. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H with a base score of 7.5 (HIGH). Connected sources identify the...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 12:0 a.m.9 views

CVE-2025-61019

The data shows a vulnerability in virtuoso-opensource (openlink) version 7.2.11 affecting the sqlo_key_part_best component. The issue allows an attacker to trigger a Denial of Service (DoS) via crafted SQL statements, with the root cause located in sqlo_key_part_best. The CVE entry is consistentl...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 12:0 a.m.6 views

CVE-2025-61018

CVE-2025-61018 affects OpenLink Virtuoso Open-Source v7.2.11, specifically the sqlo_place_dt_set component. The issue allows attackers to cause a Denial of Service via crafted SQL statements. The connected documents confirm the affected product/version and the DoS impact, but do not provide explo...

7.5CVSS5.9AI score0.00482EPSS
Exploits0References4
Rows per page
Query Builder