Lucene search
K

75 matches found

Debian CVE
Debian CVE
added 2026/06/18 6:0 p.m.6 views

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS5.3AI score0.00105EPSS
Exploits0
CVE
CVE
added 2026/06/01 4:37 p.m.28 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42784 Note that Nessus relies on the...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-39998

Name of the Vulnerable Software and Affected Versions multiparty versions 4.2.3 and earlier Description A denial of service occurs due to an uncaught exception during the parsing of multipart/form-data requests. When a request contains a Content-Disposition header with a filename parameter...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References8
NVD
NVD
added 2026/05/07 12:16 p.m.29 views

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

7.5CVSS0.00503EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/05/04 5:0 a.m.9 views

CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

7.5CVSS5.6AI score0.00464EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/04 12:0 a.m.6 views

CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00335EPSS
Exploits0
Snyk
Snyk
added 2026/04/14 4:4 a.m.7 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the getHostByName function in the v2 template engine. An attacker can cause sensitive data to be disclosed by crafting or updating templated resources that trigger DNS queries containing secret-derived values fr...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 10:39 a.m.1 views

CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...

4.6CVSS5.8AI score0.00225EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-30816

Name of the Vulnerable Software and Affected Versions Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2 Description Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...

8.5CVSS5.6AI score0.00228EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:15 p.m.2 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7CVSS6.3AI score0.0046EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

WordPress plugin Law Office 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/19 3:17 p.m.13 views

Unauthorized npm publish of [email protected] with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

5.6AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/22 2:57 p.m.24 views

CVE-2025-64097 NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force

NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

9.5CVSS0.00422EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/01/16 10:45 p.m.5 views

CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

8.6CVSS5.4AI score0.00149EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.12 views

CVE-2017-18880

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the titlelink field of a Slack attachment...

6.1CVSS6AI score0.00685EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

WordPress plugin Jobify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 5:17 p.m.4 views

CVE-2023-23729

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0...

5.4CVSS5.1AI score0.00213EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-13013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and...

6.1CVSS6.4AI score0.00175EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.4 views

Xibo CMS 安全漏洞

Xibo CMS is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo CMS 4.3.0 and prior versions, which stems from a mishandled Twig filter in the Module Templates feature in the CMS Developer menu, which could lead to remote code execution...

7.2CVSS7.8AI score0.00887EPSS
Exploits2References6
Rows per page
Query Builder