790 matches found

Nuclei
added 3 days ago, 31 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1 CVSS, 6.4 AI score, 0.57735 EPSS
Exploits: 5, References: 5

RedhatCVE
added last week, 5 views

CVE-2025-61019

A flaw was found in virtuoso-opensource. An attacker could send specially crafted SQL (Structured Query Language) statements to the sqlo_key_part_best component, leading to a Denial of Service (DoS). This vulnerability allows an attacker to disrupt the availability of the service...

7.5 CVSS, 5.9 AI score, 0.0035 EPSS
Exploits: 0, References: 4

EUVD
added 2026/06/23 6:31 p.m., 5 views

EUVD-2025-210314

An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

5.9 AI score, 0.0035 EPSS
Exploits: 0, References: 2

OSV
added 2026/06/23 5:16 p.m., 3 views

UBUNTU-CVE-2025-61019

An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS, 5.9 AI score, 0.0035 EPSS
Exploits: 0, References: 2

CVE
added 2026/06/23 12:00 a.m., 9 views

CVE-2025-61019

The data shows a vulnerability in virtuoso-opensource (openlink) version 7.2.11 affecting the sqlo_key_part_best component. The issue allows an attacker to trigger a Denial of Service (DoS) via crafted SQL statements, with the root cause located in sqlo_key_part_best. The CVE entry is consistentl...

7.5 CVSS, 5.9 AI score, 0.0035 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/06/23 12:00 a.m., 31 views

CVE-2025-61019

An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

0.0035 EPSS
Exploits: 0, References: 1

EUVD
added 2026/06/21 7:30 a.m., 9 views

EUVD-2026-38151

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5 CVSS, 6 AI score, 0.00242 EPSS
Exploits: 0, References: 5

AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerability in Thunderbird

If a MIME-encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only certain parts of the message are protected. This vulnerability affects Thunderbird versions earlier than 78.10.2...

4.3 CVSS, 5.5 AI score, 0.0094 EPSS
Exploits: 1, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

9.1 CVSS, 7.3 AI score, 0.01541 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser could accumulate unbounded data when the header block of a multipart part never ended with the required blank line (CRLFCRLF). The parser continuously stored incoming bytes in memory...

7.5 CVSS, 5.7 AI score, 0.00848 EPSS
Exploits: 0, References: 2

OSV
added 2026/06/18 8:33 a.m., 5 views

MINI-Q527-QC6F-6VPF

Bulletin has no description...

9.1 CVSS, 4.9 AI score, 0.00338 EPSS
Exploits: 0

Positive Technologies
added 2026/06/18 12:00 a.m., 13 views

PT-2026-50735

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 3.0.4 through 3.0.6; http-proxy-middleware versions prior to 4.1.1. Description: An issue exists in the fixRequestBody helper function when the outgoing Content-Type is set to multipart/form-data. The function uses...

7.5 CVSS, 5.8 AI score, 0.00243 EPSS
Exploits: 1, References: 5

Chainguard
added 2026/06/16 2:16 p.m., 4 views

GHSA-4H4G-832R-8C7F vulnerabilities

Vulnerabilities for packages: chromium...

5.2 AI score
Exploits: 0

Github Security Blog
added 2026/06/15 8:39 p.m., 9 views

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Summary: request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...

7.5 CVSS, 5.5 AI score, 0.00275 EPSS
Exploits: 0, References: 2, Affected Software: 1

Circl
added 2026/06/12 6:22 p.m., 7 views

GHSA-45QJ-4XQ3-3C45

creationtimestamp | type | source
---|---|---
2026-06-12 18:22:18+00:00 | seen | https://gist.github.com/sandh0t/45fdee24a7907e0cd836aed26f2d5a7a...

5 AI score
Exploits: 0, References: 1

OSV
added 2026/06/10 12:20 p.m., 6 views

MINI-PMHW-C6H3-844P

Bulletin has no description...

5.2 AI score
Exploits: 0

RedhatCVE
added 2026/06/09 8:59 p.m., 9 views

CVE-2026-49756

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...

2.1 CVSS, 5.6 AI score, 0.00178 EPSS
Exploits: 0, References: 1

OSV
added 2026/06/09 7:26 p.m., 6 views

MINI-Q25F-285J-8853

Bulletin has no description...

8.1 CVSS, 5.2 AI score, 0.00552 EPSS
Exploits: 0

OSV
added 2026/06/09 7:25 p.m., 5 views

MINI-8X24-WVCM-PH2W

Bulletin has no description...

8.8 CVSS, 5.2 AI score, 0.00303 EPSS
Exploits: 0

EUVD
added 2026/06/09 6:30 p.m., 12 views

EUVD-2026-35488

Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

6.2 CVSS, 5.5 AI score, 0.0019 EPSS
Exploits: 0, References: 3