Lucene search
K

801 matches found

Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-43114

A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks...

5.3CVSS5.4AI score0.00187EPSS
Exploits0References5
OSV
OSV
added 2026/05/21 3:42 a.m.4 views

MINI-CJ2C-Q547-3M6V

Bulletin has no description...

7.5CVSS5.7AI score0.00278EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Thunderbird

If a MIME-encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only certain parts of the message are protected. This vulnerability affects Thunderbird versions earlier than 78.10.2...

4.3CVSS5.5AI score0.0094EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

9.1CVSS7.1AI score0.01541EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 4:21 p.m.18 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7.1AI score0.00606EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/14 10:29 a.m.10 views

CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6AI score0.0062EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/14 10:29 a.m.7 views

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6AI score0.0062EPSS
Exploits0References10Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Siemens Solid Edge 安全漏洞

Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Versions of Siemens Solid Edge prior to SE2026 V226.0 Update 5 contained security vulnerabilities...

7.8CVSS7.5AI score0.00106EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:46 p.m.6 views

MINI-2M5X-5V24-C96Q

Bulletin has no description...

6.1CVSS5.7AI score0.00371EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: nss (UTSA-2026-017618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017618 advisory. A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. Thi...

9.1CVSS7AI score0.01541EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 9:17 p.m.11 views

MINI-29HM-C26V-3RXP

Bulletin has no description...

7.5CVSS5.7AI score0.00887EPSS
Exploits1
OSV
OSV
added 2026/04/30 12:30 a.m.4 views

MINI-2X4C-P5CR-7823

Bulletin has no description...

6.5CVSS4.8AI score0.00192EPSS
Exploits2
OSV
OSV
added 2026/04/29 1:46 p.m.4 views

MINI-8V5R-F66R-M8GH

Bulletin has no description...

7.1CVSS6.7AI score0.00267EPSS
Exploits0
Snyk
Snyk
added 2026/04/24 7:19 p.m.9 views

CRLF Injection

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to CRLF Injection through the FormDataPart multipart header construction in the form-data streaming helper. An attacker can inject arbitrary multipart header...

6.9CVSS5.7AI score0.0024EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35047

Name of the Vulnerable Software and Affected Versions Axios versions 1.0.0 through 1.15.0 Description The FormDataPart constructor in lib/helpers/formDataToStream.js interpolates the value.type property directly into the Content-Type header of each multipart part without sanitizing CRLF carriage...

5.3CVSS5.9AI score0.0024EPSS
Exploits1References8
NVD
NVD
added 2026/04/22 1:16 a.m.7 views

CVE-2026-41145

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

8.8CVSS0.00349EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 12:47 a.m.11 views

GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

5CVSS5.9AI score0.00231EPSS
Exploits1References5
OSV
OSV
added 2026/04/15 3:0 p.m.3 views

MINI-56V4-3JV3-GV27

Bulletin has no description...

9.1CVSS5.7AI score0.01127EPSS
Exploits1
Snyk
Snyk
added 2026/04/14 11:40 p.m.8 views

Improper Authentication

Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Improper Authentication via the PutObjectHandler and PutObjectPartHandler function. An attacker can gain unauthorized write access to...

8.8CVSS5.8AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/04/12 2:18 a.m.4 views

MINI-QRC6-P95F-VCCQ

Bulletin has no description...

5.5CVSS5.7AI score0.0029EPSS
Exploits0
Rows per page
Query Builder