Lucene search
K

2189 matches found

OpenVAS
OpenVAS
added 2026/04/14 12:0 a.m.9 views

Debian: Security Advisory (DLA-4530-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00787EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.9 views

Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2026-1559)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1559 advisory. In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References4
Wolfi
Wolfi
added 2026/04/11 2:52 a.m.7 views

CVE-2026-26962 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails...

6.5CVSS6.1AI score0.00227EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.11 views

CVE-2022-28108 vulnerabilities

Vulnerabilities for packages: hadoop-fips...

9.3CVSS7.2AI score0.11675EPSS
Exploits6
Snyk
Snyk
added 2026/04/09 3:13 p.m.7 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by...

6.1CVSS5.9AI score0.00239EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-31842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs....

8.7CVSS5.9AI score0.00899EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/07 9:10 p.m.4 views

Missing Report of Error Condition

Overview github.com/sigstore/cosign/cmd/cosign/cli/verify is a package that aims to make signatures invisible infrastructure. Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without --check-claims flag. An...

6.9CVSS5.8AI score0.00241EPSS
Exploits0References2
Wolfi
Wolfi
added 2026/04/07 1:48 a.m.11 views

GHSA-C427-H43C-VF67 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, checkov, py3-cassandra-medusa, kserve, dask-kubernetes, open-webui, airflow...

6.1AI score
Exploits0
CBLMariner
CBLMariner
added 2026/04/06 11:43 p.m.7 views

CVE-2026-25541 affecting package rust for versions less than 1.90.0-6

CVE-2026-25541 affecting package rust for versions less than 1.90.0-6. A patched version of the package is available...

7.5CVSS5.9AI score0.00559EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom...

7.5CVSS5.9AI score0.00472EPSS
Exploits0References3
Wolfi
Wolfi
added 2026/03/25 7:48 p.m.12 views

GHSA-46XP-26XH-HPQH vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/03/25 1:17 a.m.7 views

GHSA-9XRJ-H377-FR87 vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.4-rails...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an...

6.3CVSS6.1AI score0.00241EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/19 11:0 p.m.4 views

Embedded Malicious Code

Overview @emilgroup/partner-sdk is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 12:54 p.m.7 views

Malicious code in internal-api-insights (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b02a86affbdb1f89c5fff800bc1a2c78125d1536f84ed7caa8507f14d0ebf5c The package internal-api-insights was found to contain malicious code...

5.8AI score
Exploits0
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.7 views

CVE-2025-58190 affecting package gh for versions less than 2.62.0-13

CVE-2025-58190 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...

5.3CVSS5.8AI score0.00482EPSS
Exploits1
Snyk
Snyk
added 2026/03/10 10:37 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview django-unicorn is an A magical full-stack framework for Django. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via unvalidated attribute access within the action parsers that fail to enforce visibility...

6.9CVSS5.8AI score0.0021EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-31802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction director...

8.2CVSS6.6AI score0.00253EPSS
Exploits4References2
PyPA
PyPA
added 2026/03/07 4:15 p.m.12 views

PYSEC-2026-121

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

7.1CVSS5.7AI score0.00517EPSS
Exploits1References1Affected Software1
Wolfi
Wolfi
added 2026/03/05 7:48 a.m.7 views

GHSA-HFPC-8R3F-GW53 vulnerabilities

Vulnerabilities for packages: efs-utils, nushell, zizmor, linkerd2-proxy, deno, rustls-ffi, lychee, py3-xet-core, linkerd-network-validator, zed, linkerd2, zellij, cargo-audit, ztunnel, parseable, linkerd-extension-init, uv, buck2, ntpd-rs, rustup, pixi...

6.1AI score
Exploits0
Rows per page
Query Builder