76 matches found

Positive Technologies
added 2026/05/11 12:0 a.m. | 9 views

PT-2026-39722

Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection. This allows a specially crafted XML document to trigger hash flooding, a...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00087
Exploits: 0 | References: 23

Packet Storm News
added 2026/03/25 12:0 a.m. | 3 views

XSStrike 3.1.6

XSStrike is a cross site scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...

AI score: 5.2
Exploits: 0

OSV
added 2025/09/03 6:19 p.m. | 3 views

CLSA-2025-1756923561 clamav: Fix of 8 CVEs

Update to 1.0.9 LTS version:
- CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser
- CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser
- CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.08586
Exploits: 5 | References: 1

OSV
added 2025/07/24 11:46 a.m. | 2 views

SUSE-SU-2025:20507-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues:
- CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403
- CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404
- CVE-2025-47806: Fixed Stack buffer overflow in SubRip...

CVSS: 5.6 | AI score: 7.5 | EPSS: 0.00448
Exploits: 3 | References: 7

SUSE CVE
added 2025/02/14 5:41 a.m. | 1 views

SUSE CVE-2024-7254

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00134
Exploits: 0 | References: 9

Gitee
added 2024/12/20 4:39 p.m. | 114 views

PEASS-ng

PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation. Basic Tutorial: Here you will find privilege escalation tools for Windows and Linux/Unix and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors s...

AI score: 7
Exploits: 0

Github Security Blog
added 2024/11/20 9:38 p.m. | 26 views

Litestar allows unbounded resource consumption (DoS vulnerability)

Summary: Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.00445
Exploits: 1 | References: 7 | Affected Software: 2

OSV
added 2024/11/12 10:15 p.m. | 1 views

DEBIAN-CVE-2024-11168

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

CVSS: 6.3 | AI score: 6.4 | EPSS: 0.00552
Exploits: 0 | References: 1

NVD
added 2024/07/16 12:15 p.m. | 22 views

CVE-2022-48776

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup. Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak...

CVSS: 5.5 | EPSS: 0.00027
Exploits: 0 | References: 3

UbuntuCve
added 2024/07/16 12:15 p.m. | 12 views

CVE-2022-48776

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup. Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00027
Exploits: 0 | References: 5

Debian CVE
added 2024/07/16 11:13 a.m. | 15 views

CVE-2022-48777

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix kernel panic on skipped partition. In the event of a skipped partition case when the entry name is empty the kernel panics in the cleanup function as the name entry is NULL. Rework the parser logic by first...

CVSS: 5.5 | AI score: 4.9 | EPSS: 0.00018
Exploits: 0

Github Security Blog
added 2024/07/15 6:33 p.m. | 21 views

Plate media plugins has a XSS in media embed element when using custom URL parsers

Impact: Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and instead consume the url property directly may also be...

CVSS: 8.1 | AI score: 6 | EPSS: 0.00332
Exploits: 0 | References: 5 | Affected Software: 1

OpenVAS
added 2024/06/07 12:0 a.m. | 9 views

Fedora: Security Advisory for rust-tree-sitter-cli (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the...

AI score: 7.5
Exploits: 0 | References: 2

Fedora
added 2024/05/26 1:29 a.m. | 9 views

[SECURITY] Fedora 40 Update: rust-tree-sitter-cli-0.22.5-2.fc40

CLI tool for developing, testing, and using Tree-sitter parsers...

AI score: 7.4
Exploits: 0

Fedora
added 2024/03/07 10:33 p.m. | 16 views

[SECURITY] Fedora 40 Update: univocity-parsers-2.9.1-13.fc40

uniVocity-parsers is a suite of extremely fast and reliable parsers for Java. It provides a consistent interface for handling different file formats, and a solid framework for the development of new parsers...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.45835
Exploits: 3

Fedora
added 2024/03/07 10:33 p.m. | 18 views

[SECURITY] Fedora 40 Update: sac-1.3-46.fc40

SAC is a standard interface for CSS parsers, intended to work with CSS1, CSS2, CSS3 and other CSS derived languages...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.45835
Exploits: 3

Fedora
added 2024/03/07 10:32 p.m. | 31 views

[SECURITY] Fedora 40 Update: antlr-2.7.7-77.fc40

ANTLR, ANother Tool for Language Recognition (formerly PCCTS), is a language tool that provides a framework for constructing recognizers, compilers, and translators from grammatical descriptions containing C++ or Java actions. You can use PCCTS 1.xx to generate C-based parsers...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.45835
Exploits: 3

UbuntuCve
added 2024/03/05 11:15 p.m. | 20 views

CVE-2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02017
Exploits: 0 | References: 11

Github Security Blog
added 2023/12/15 12:30 p.m. | 31 views

WSO2 products vulnerable to XML External Entity attack

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.0017
Exploits: 0 | References: 9 | Affected Software: 6

OSV
added 2023/04/21 12:15 p.m. | 3 views

CVE-2023-2226

Insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows an attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00169
Exploits: 0 | References: 1