Lucene search
K

84 matches found

NVD
NVD
added 2026/06/22 4:16 p.m.9 views

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS0.00107EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.7 views

SUSE CVE-2026-41648

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

5.3CVSS5.7AI score0.00269EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/07 1:5 p.m.26 views

CVE-2026-41648 Incus: Unbounded YAML Metadata Decode via Parsing

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

5.3CVSS0.00269EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the backup.GetInfo function’s trust inlining backup configurations, which allowed valid, inline configurations along with...

6.5CVSS5.8AI score0.00408EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

Zammad 访问控制错误漏洞

Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 and 6.5.4 contained an access control vulnerability. This vulnerability stemmed from unverified attackers being able to access the “getting started” endpoint, potentially leading to...

8.7CVSS5.8AI score0.00443EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/07 5:57 p.m.5 views

EUVD-2026-19837

ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...

8.6CVSS6.3AI score0.00224EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning and escaping of Field parameters in the GroupPropsFormRowOps.php file, which could lead to SQL injection...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.2 views

PT-2026-30943

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in ChurchCRM's SettingsIndividual.php where user-controlled array keys from the type POST parameter are used directly in SQL queries without sanitization. This allows any authenticated user ...

8.8CVSS6AI score0.0003EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 2:2 p.m.15 views

CVE-2026-31932

CVE-2026-31932 affects Suricata (network IDS/IPS/NSM). The issue is described as inefficiency (quadratic complexity) in KRB5 buffering that can lead to performance degradation. Affected versions are prior to 7.0.15 and 8.0.4, with a patch applying in 7.0.15 and 8.0.4. CVSS:3.1 base score 7.5 (HIG...

7.5CVSS5.7AI score0.00267EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.5 views

Suricata 安全漏洞

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 7.0.15 contained security vulnerabilities, which were caused by inefficient DCERPC buffering, potentially leading to performance degradation...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/26 12:16 a.m.28 views

CVE-2026-33526 Squid vulnerable to Denial of Service in ICP Request handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP...

9.2CVSS0.08942EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/26 12:11 a.m.29 views

CVE-2026-32748 Squid has Denial of Service in ICP Response handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable...

8.7CVSS0.08931EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/26 12:11 a.m.3 views

EUVD-2026-16056

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable...

8.7CVSS5.8AI score0.08931EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/12 10:0 a.m.3 views

SUSE CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References3
NVD
NVD
added 2026/03/11 9:16 p.m.4 views

CVE-2026-32111

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

AVideo 操作系统命令注入漏洞

AVideo is an open-source broadcast network creation tool developed by the World Wide Broadcast Network. Prior to version 7.0 of AVideo, there was a vulnerability related to operating system command injection. This vulnerability allowed unauthenticated attackers to execute arbitrary operating syst...

9.8CVSS7.7AI score0.02132EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.2 views

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

7.8CVSS6.8AI score0.00134EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 12:21 p.m.5 views

OESA-2025-2839 redis6 security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

9.9CVSS8.1AI score0.86767EPSS
Exploits19References8
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.4 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.9.0, which stems from improper access control of the SFTP service, and could result in a Web user logging in with an SSH key...

4.2CVSS6.6AI score0.00149EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.4 views

HCLTech DRAGON 安全漏洞

HCLTech DRAGON is a data retention / archiving / mass data storage and retrieval solution from HCL Corporation, USA. A security vulnerability exists in HCLTech DRAGON versions prior to 7.6.0 that stems from the API not enforcing a request number or size limit, which could lead to remote execution...

5.5CVSS7AI score0.00384EPSS
Exploits0References4
Rows per page
Query Builder