Lucene search
K

9318 matches found

OSV
OSV
added 2026/05/29 7:43 p.m.19 views

GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

6.5CVSS5.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 7:43 p.m.45 views

go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

5.7AI score
Exploits0References2Affected Software2
Microsoft KB
Microsoft KB
added 2026/05/29 2:0 p.m.27 views

Description of the security update for SharePoint Server 2016: May 12, 2026 (KB5002868)

Description of the security update for SharePoint Server 2016: May 12, 2026 KB5002868 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...

8.8CVSS5.9AI score0.03219EPSS
Exploits3
OSV
OSV
added 2026/05/29 9:30 a.m.6 views

SUSE-SU-2026:2110-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthorized read access bsc1262490. - CVE-2026-22013: unauthenticated attacker with network access can access to critical data bsc1262494. - CVE-2026-22016: APIs in the...

9.8CVSS7.3AI score0.00702EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.12 views

CVE-2026-8180

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 5:27 p.m.10 views

EUVD-2026-32612

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 5:27 p.m.42 views

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS0.00302EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:27 p.m.10 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/27 5:27 p.m.40 views

CVE-2026-42553

Cinny (Matrix client) before version 4.10.3 is affected by a token-disclosure vulnerability in two parts: (1) EmojiBoard fallback uses an untrusted pack.meta.avatar as a MXC URL, enabling an attacker-controlled HTTP(S) URL in a malicious emote pack; (2) the service worker attaches the user’s Auth...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 1:21 p.m.23 views

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint (versions 3.7.4–4.4.7 Fix Pack 1) and IBM Aspera High-Speed Transfer Server (same range) are affected by an arbitrary file read in the asperahttpd component. The issue allows an authenticated user to access files in the server’s local storage that should be...

6.5CVSS5.9AI score0.00325EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/05/27 1:21 p.m.13 views

EUVD-2026-32503

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5CVSS5.9AI score0.00325EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:20 p.m.9 views

CVE-2026-8180

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/05/27 1:20 p.m.41 views

CVE-2026-8180 Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause...

7.5CVSS0.00319EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:17 p.m.9 views

CVE-2026-8179

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticat...

8.8CVSS6.5AI score0.00401EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/05/27 1:17 p.m.40 views

CVE-2026-8179 Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticat...

8.8CVSS0.00401EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:17 p.m.9 views

CVE-2026-8175

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to caus...

9.8CVSS6.4AI score0.0058EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/05/27 11:53 a.m.17 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43991

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5CVSS5.9AI score0.00325EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

IBM Aspera High-Speed Transfer Endpoint和IBM Aspera High-Speed Transfer Server 路径遍历漏洞

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server are products of American International Business Machines Corporation IBM. IBM Aspera High-Speed Transfer Endpoint is a high-speed file transfer and data exchange node service. IBM Aspera High-Speed Transfer Server i...

6.5CVSS5.8AI score0.00325EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.18 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1743)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1743 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS7.6AI score0.00813EPSS
Exploits0References22
Rows per page
Query Builder