Lucene search
+L

88 matches found

Snyk
Snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 5:33 p.m.4 views

GHSA-H5GX-45RJ-2H5J Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect

Summary The Kerberos Hub upload path sends the agent's Hub credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the operator-configured Hub URL config.HubURI. The HTTP client used &http.Client in UploadKerberosHub is constructed without a CheckRedire...

6.9CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:27 p.m.12 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00295EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

HAXCMS 安全漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAX CMS prior to Node.js 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from two encryption implementation errors in the hmacBase64 function. This could allow unauthenticated attacke...

9.3CVSS5.5AI score0.00295EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.22 views

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in mbedtls

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 onwards does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...

4.7CVSS5.8AI score0.00343EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/06 11:24 a.m.8 views

Directory Traversal

Overview org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing an...

8.7CVSS6.2AI score0.00394EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/04 2:31 p.m.10 views

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

8.2CVSS6.8AI score0.00341EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/08 12:16 a.m.13 views

Directory Traversal

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Directory Traversal via the serveStatic function. An attacker can access sensitive static files intended to be protected by route-based middleware by crafting request paths with repeated...

6.9CVSS6.3AI score0.00459EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 6:44 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via a combination with permissive CORS configuration. An attacker can access, write, and delete arbitrary files on a developer's machine by enticing the victim to visit a malicious website while the development serve...

9.6CVSS6.3AI score0.00535EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.12 views

PT-2026-2255

Name of the Vulnerable Software and Affected Versions RustCrypto Signatures versions prior to 0.1.0-rc.2 Description RustCrypto Signatures provides support for digital signatures, which authenticate data using public-key cryptography. A timing side-channel was identified in the Decompose algorith...

6.4CVSS6.5AI score0.00173EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.8 views

TencentOS Server 4: netplan (TSSA-2024:0909)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0909 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS5.6AI score0.00264EPSS
Exploits1References2
OSV
OSV
added 2025/11/17 2:22 a.m.6 views

HSEC-2025-0006 Private key leak via inherited file descriptor

Private key leak via inherited file descriptor The X.509 key reading function readKeyFile opened a file descriptor to the private key without setting the close-on-exec flag. If a child process is execed at the same time, it would inherit that file descriptor and could read the private key materia...

6.7AI score
Exploits0References1
OSV
OSV
added 2025/10/11 1:20 p.m.9 views

OESA-2025-2385 xml-security security update

The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards : - XML-Signature Syntax and Processing; and - XML Encryption Syntax and Processing. Security Fixes: All versions of Apache Santuario - XML Security for Java...

6.5CVSS6.9AI score0.01212EPSS
Exploits0References2
OSV
OSV
added 2025/10/11 1:20 p.m.8 views

OESA-2025-2382 xml-security security update

The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards : - XML-Signature Syntax and Processing; and - XML Encryption Syntax and Processing. Security Fixes: All versions of Apache Santuario - XML Security for Java...

6.5CVSS6.9AI score0.01212EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-1723

Malware in sbrugna...

7.8CVSS7.6AI score0.02281EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2946

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00605EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-35623

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00768EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0057

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00736EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-33968

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0154EPSS
Exploits0References5
Rows per page
Query Builder