28 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017532)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017532 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into...

CVSS 5.8 | AI score 5.8 | EPSS 0.0305
Exploits: 1 | References: 4

Tenable Nessus
added 2026/05/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-6907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary head...

CVSS 5.3 | AI score 7 | EPSS 0.00358
Exploits: 0 | References: 3

OSV
added 2026/03/19 9:17 p.m. | 5 views

CVE-2026-27934 Discourse leaks private topic title and post excerpt via user action API endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions...

CVSS 8.7 | AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 3

OSV
added 2026/03/01 12:0 a.m. | 17 views

ASB-A-465136263

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 | AI score 6.1 | EPSS 0.00138
Exploits: 1 | References: 1

CVE
added 2026/02/26 10:7 p.m. | 12 views

CVE-2026-27839

CVE-2026-27839 affects wger up to version 2.4, where three nutritional_values endpoints fetch objects via Model.objects.get(pk=pk) instead of using a user-scoped queryset. This allows any authenticated user to read another user’s private nutrition data (caloric intake and full macro breakdown) by...

CVSS 4.3 | AI score 5.5 | EPSS 0.0026
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/01/27 12:0 a.m. | 5 views

Hono code issue vulnerabilities

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.11.7 had code vulnerabilities. These vulnerabilities stemmed from information leaks in the caching middleware, which could potentially cache private or authenticated responses and expose them to...

CVSS 5.3 | AI score 5.9 | EPSS 0.00457
Exploits: 0 | References: 4

Cvelist
added 2026/01/09 10:4 a.m. | 20 views

CVE-2025-3950 Exposure of Private Personal Information to an Unauthorized Actor in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection...

CVSS 3.5 | EPSS 0.00226
Exploits: 0 | References: 3

Github Security Blog
added 2025/11/18 7:2 p.m. | 7 views

XWiki view file macro: User can view content of office file without view rights on the attachment

Summary: A user with no view rights on a page may see the content of an office attachment displayed with the view file macro. Details: If an office attachment from a restricted page is displayed on a public page, a user with no view rights on the restricted page can view the attachment content, no...

CVSS 6.8 | AI score 6.8 | EPSS 0.00252
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-34987

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00425
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-58259

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.3 | EPSS 0.01156
Exploits: 1 | References: 9

RedhatCVE
added 2025/04/02 3:39 p.m. | 11 views

CVE-2025-27149

Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries E.g.,...

CVSS 4.6 | AI score 7.1 | EPSS 0.00263
Exploits: 0 | References: 1

CVE
added 2025/03/31 3:33 p.m. | 70 views

CVE-2025-27149

Zulip server before 10.0 has a data-export vulnerability (CVE-2025-27149) where export types for organization admins incorrectly included metadata such as user-agent identifiers for integrations and HTTP libraries, and in public data/with-consent exports exposed titles of topics in private channe...

CVSS 4.6 | AI score 6.5 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/02/27 12:0 a.m. | 11 views

Azure Linux 3.0 Security Update: opensc (CVE-2023-5992)

The version of opensc installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5992 advisory. - A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channe...

CVSS 5.9 | AI score 6.5 | EPSS 0.01156
Exploits: 1 | References: 2

Amazon
added 2024/09/18 12:0 a.m. | 7 views

Medium: openssl-snapsafe

Issue Overview: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...

CVSS 9.1 | AI score 7 | EPSS 0.05582
Exploits: 1

OSV
added 2024/08/23 3:44 p.m. | 4 views

CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

CVSS 6.5 | AI score 6.8 | EPSS 0.00245
Exploits: 0 | References: 3

Tenable Nessus
added 2024/03/15 12:0 a.m. | 31 views

Fedora 38 : opensc (2024-b92d44f141)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92d44f141 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454. Tenable has extracted the preceding description block directly from the...

CVSS 5.9 | AI score 6 | EPSS 0.01156
Exploits: 1 | References: 3

OSV
added 2024/01/31 2:15 p.m. | 9 views

AZL-34088 CVE-2023-5992 affecting package opensc for versions less than 0.23.0-3

A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...

CVSS 5.9 | AI score 7.1 | EPSS 0.01156
Exploits: 1 | References: 1

BDU FSTEC
added 2023/11/01 12:0 a.m. | 10 views

The vulnerability of the Bluetooth component of the Android operating system, which allows an intruder to disclose protected information

The vulnerability of the Bluetooth component in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to disclose protected information...

CVSS 7.8 | AI score 5.7 | EPSS 0.00086
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/05/23 8:15 p.m. | 2 views

CVE-2023-2703

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07...

CVSS 7.5 | AI score 7.1 | EPSS 0.00565
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 4:35 a.m. | 2 views

SUSE CVE-2017-1000099

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provided callback, which could lead to other private data from the heap to...

CVSS 6.5 | AI score 7.2 | EPSS 0.03075
Exploits: 0 | References: 4