Lucene search
K

17 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux - Vulnerability in Golang-1.23

The net/url package does not limit the number of query parameters in a query. Although the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing man...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/05/06 12:10 p.m.10 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...

9.1CVSS6.7AI score0.00621EPSS
Exploits1References40
Snyk
Snyk
added 2026/05/04 8:56 p.m.11 views

XML External Entity (XXE) Injection

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to XML External Entity XXE Injection via the xpathfilter process. An attacker can access sensitive local files by supplying crafted XML or RSS content containing...

8.2CVSS5.9AI score0.00266EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.8 views

TencentOS Server 3: osbuild-composer (TSSA-2026:0204)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0204 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

10CVSS6.9AI score0.01945EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 8 : thunderbird-128.10.0-1.el8_10.ML.1 (AXSA:2025-9937:11)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9937:11 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...

9.1CVSS7.2AI score0.00534EPSS
Exploits0References6
Veracode
Veracode
added 2025/11/24 4:31 a.m.7 views

XML External Entity (XXE)

langchaintextsplitters is vulnerable to XML External Entity XXE injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

7.5CVSS7AI score0.00604EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-28205

Malware in sbrugna...

5.3CVSS6.9AI score0.02983EPSS
Exploits1References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-33194

Malicious code in bioql PyPI...

9.6CVSS6.3AI score0.00727EPSS
Exploits0References1
OSV
OSV
added 2025/10/03 7:56 p.m.8 views

RLSA-2025:10073 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...

7.5CVSS6.1AI score0.03057EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.9 views

CVE-2023-50766

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

8.8CVSS6.7AI score0.00447EPSS
Exploits0
OSV
OSV
added 2025/03/30 6:15 a.m.8 views

AZL-59300 CVE-2025-1219 affecting package php for versions less than 8.1.32-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

5.3CVSS6.7AI score0.00718EPSS
Exploits1References1
Amazon
Amazon
added 2025/02/05 12:0 a.m.6 views

Medium: python3.11

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS8.1AI score0.27095EPSS
Exploits5
OSV
OSV
added 2025/01/27 10:15 p.m.6 views

CVE-2025-24123

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination...

5.5CVSS5.8AI score
Exploits0References14
OSV
OSV
added 2025/01/14 7:23 p.m.17 views

BIT-PHP-MIN-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filtervar$url, FILTERVALIDATEURL, PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

5.3CVSS6.5AI score0.02983EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2023/06/07 9:23 a.m.5 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

7.5CVSS6.9AI score0.01119EPSS
Exploits1References6
OSV
OSV
added 2020/10/27 8:15 p.m.2 views

CVE-2019-8761

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information...

5.5CVSS6.7AI score0.01343EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/03/12 5:2 p.m.4 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
Rows per page
Query Builder