Lucene search
K

30 matches found

OSV
OSV
added 2026/06/30 1:19 p.m.3 views

UBUNTU-CVE-2026-58012

A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...

8.2CVSS5.9AI score0.00322EPSS
Exploits1References3
CVE
CVE
added 2026/06/30 12:57 p.m.20 views

CVE-2026-58012

CVE-2026-58012 affects GLib. A buffer over-read can occur in g_regex_replace when used with the G_REGEX_RAW flag and case-change replacement escapes because string_append processes matched substrings with UTF-8 functions that expect valid UTF-8 input, even when treated as raw bytes. Impact: minor...

8.2CVSS5.9AI score0.00322EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2026/06/30 12:57 p.m.3 views

CVE-2026-58012 Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()

A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...

6.5CVSS6AI score0.00322EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/30 12:57 p.m.8 views

CVE-2026-58012 Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()

A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...

6.5CVSS5.9AI score0.00322EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/23 4:52 p.m.8 views

Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation

Summary A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. Vulnerable Code In internal/database/repocollaboration.go, line 129: go func r Repository ChangeCollaborationAccessModeuserI...

7CVSS5.9AI score0.00499EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/08 2:12 p.m.13 views

EUVD-2026-35072

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

8.7CVSS5.6AI score0.00381EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 2:12 p.m.9 views

CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

8.7CVSS5.6AI score0.00381EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47300

Name of the Vulnerable Software and Affected Versions gun versions 2.0.0 through 2.3.x Description An issue in the gun http module allows a malicious HTTP server to force a client into raw protocol mode by sending an unsolicited 101 Switching Protocols response. In the handle inform/8 function, t...

8.7CVSS5.6AI score0.00381EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/21 7:26 a.m.6 views

CVE-2026-26993

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...

5.4CVSS5.7AI score0.0028EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 3:16 a.m.6 views

CVE-2026-26993

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...

5.4CVSS0.0028EPSS
Exploits1References3
CVE
CVE
added 2026/02/20 2:33 a.m.37 views

CVE-2026-26993

CVE-2026-26993 affects the Flare file sharing platform (Next.js-based) up to version 1.7.0. An attacker can embed malicious JavaScript in an SVG (or HTML/XML) and trigger script execution in the app’s origin when a file is viewed in “raw” mode, enabling stored XSS and potential user data exfiltra...

5.4CVSS5.8AI score0.0028EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.11 views

PT-2026-20993

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...

4.6CVSS5.8AI score0.0028EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-24038

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00753EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-4207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starti...

5.4CVSS5AI score0.00294EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-25864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value KV raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...

6.1CVSS6AI score0.06095EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.7 views

Directus 日志信息泄露漏洞

Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. Directus suffers from a log information disclosure vulnerability that stems from access tokens being output unprocessed to logs when LOGSTYLE is set to raw...

4.2CVSS5.9AI score0.00312EPSS
Exploits1References3
OSV
OSV
added 2024/08/08 11:15 a.m.3 views

UBUNTU-CVE-2024-4207

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under...

5.4CVSS5.6AI score0.00294EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/12 11:1 p.m.30 views

CVE-2024-4201 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HT...

4.4CVSS0.00483EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.3 views

PT-2024-29687 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 5.1 through 16.10.7 GitLab versions 16.11 through 16.11.4 GitLab versions 17.0 through 17.0.2 Description: A cross-site scripting issue has been discovered in GitLab. When viewing an XML file in a repository in raw mode, it ca...

4.4CVSS6.2AI score0.00483EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.3 views

PT-2024-5591 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 5.1 through 17.0.6 GitLab versions 17.1 through 17.1.4 GitLab versions 17.2 through 17.2.2 Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This can be exploited by a...

5.4CVSS5.8AI score0.00294EPSS
Exploits0References15
Rows per page
Query Builder