Lucene search
+L

11 matches found

nessus
nessus
added 2026/05/27 12:0 a.m.15 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2026-1723)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1723 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBU...

7.5CVSS7.3AI score0.00813EPSS
Exploits0References14
amazon
amazon
added 2026/05/26 12:0 a.m.24 views

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
amazon
amazon
added 2026/05/26 12:0 a.m.20 views

Important: amazon-ecr-credential-helper

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
amazon
amazon
added 2026/01/05 12:0 a.m.8 views

Important: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...

7.5CVSS6.8AI score0.00403EPSS
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-11796

Malware in sbrugna...

6.5CVSS7AI score0.02483EPSS
Exploits1References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-1927

Malware in sbrugna...

6.5CVSS6.5AI score0.01061EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-33094

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00199EPSS
Exploits0References3
osv
osv
added 2024/02/09 3:15 p.m.11 views

CVE-2024-25448

An issue in the imlibfreeimageanddecache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image...

8.8CVSS7.1AI score
Exploits0References2
osv
osv
added 2023/02/28 8:15 p.m.5 views

CVE-2023-27371

GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHDcreatepostprocessor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...

5.9CVSS5.5AI score
Exploits0References4
cnvd
cnvd
added 2021/04/25 12:0 a.m.5 views

ezXML Heap Buffer Overflow Vulnerability

ezXML is a C library for parsing XML documents . A heap buffer overflow vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmldecode function when parsing a specially crafted XML file. An attacker could exploit this...

7.5CVSS6.9AI score0.01347EPSS
Exploits0References1
threatpost
threatpost
added 2013/01/29 5:47 p.m.51 views

Some Versions of Ruby on Rails Vulnerable to New Parsing Attack

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation JSON code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arbitrary SQL cod...

7.5CVSS8AI score0.99449EPSS
Exploits22References9
Rows per page
Query Builder