Lucene search
+L

6529 matches found

Mageia
Mageia
added 2026/04/07 9:50 p.m.8 views

Updated roundcubemail packages fix security vulnerability

SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...

8.2CVSS5.9AI score0.00329EPSS
Exploits0References2
Debian
Debian
added 2026/04/06 9:19 p.m.7 views

[SECURITY] [DSA 6197-2] dovecot regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-6197-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 06, 2026 https://www.debian.org/security/faq -...

7.5CVSS5.8AI score0.00703EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.7 views

Fedora 42 : libopenmpt (2026-e2621c29b2)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e2621c29b2 advisory. Update from 0.8.5 to 0.8.6 to fix regression: https://lib.openmpt.org/libopenmpt/2026/03/24/security-updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/ ---- Potentia...

6AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.5 views

Improving ML Attacks on LWE with Data Repetition and Stepwise Regression

The Learning with Errors LWE problem is a hard math problem in lattice-based cryptography. In the simplest case of binary secrets, it is the subset sum problem, with error. Effective ML attacks on LWE were demonstrated in the case of binary, ternary, and small secrets, succeeding on fairly sparse...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/01 9:31 a.m.8 views

EUVD-2026-17818

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/04/01 8:24 a.m.38 views

curl: Cookie attribute TAB injection regression in Set-Cookie parsing

Overview | | | |---|---| | Component | lib/cookie.c — parsecookieheader | | Type | Security regression incomplete input validation | | CWE | CWE-20 Improper Input Validation | | Severity | LOW CVSS 3.1 estimated 3.7, comparable to CVE-2022-35252 | | Affected | curl 8.18.0 through current HEAD | |...

3.7CVSS6AI score0.01839EPSS
Exploits1
NVD
NVD
added 2026/04/01 7:16 a.m.9 views

CVE-2026-4748

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...

7.5CVSS0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 6:18 a.m.4 views

CVE-2026-4748

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...

5.9AI score0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 6:18 a.m.7 views

CVE-2026-4748 pf silently ignores certain rules

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...

5.9AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/03/30 6:41 p.m.7 views

GHSA-68F8-9MHJ-H2MP OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References5
CVE
CVE
added 2026/03/30 7:44 a.m.20 views

CVE-2026-25704

The CVE-2026-25704 entry concerns cosmic-greeter and describes a TOCTOU race condition that can allow a local attacker to regain privileges that should have been dropped due to incomplete privilege dropping in the GetUserData flow. Multiple connected feeds corroborate that the issue affects cosmi...

5.8CVSS5.9AI score0.00088EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/03/29 4:37 p.m.18 views

curl: HTTP/2 PUSH_PROMISE header loss on OOM bypasses scheme validation (regression of 2e8c922a89)

Summary: In lib/http2.c:1490, when curlmaprintf fails due to memory pressure, the push promise header is silently dropped but the callback returns success. If the lost header is the :scheme pseudo-header, the security check at line 733 that blocks HTTPS pushes over insecure connections is skipped...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/28 12:0 a.m.17 views

Context-Aware Phishing Email Detection Using Machine Learning and NLP

Phishing attacks remain among the most prevalent cybersecurity threats, causing significant financial losses for individuals and organizations worldwide. This paper presents a machine learning-based phishing email detection system that analyzes email body content using natural language processing...

5.9AI score
Exploits0
Debian CVE
Debian CVE
added 2026/03/27 8:10 a.m.3 views

CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

5.3CVSS5.2AI score0.00374EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/03/27 8:10 a.m.5 views

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

8.2CVSS5.6AI score0.00395EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/27 8:10 a.m.3 views

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

7.5CVSS5.2AI score0.00703EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/03/27 12:0 a.m.4 views

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

8.2CVSS5.9AI score0.00395EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/27 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2026-f9d2152328)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/26 9:30 p.m.10 views

GHSA-PW7H-9G6P-C378 OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation

Summary Tlon settings reconciliation treated explicit empty allowlists as unset, which could silently undo an intended deny-all revocation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

2.3CVSS5.8AI score0.00278EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 9:30 p.m.9 views

OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation

Summary Tlon settings reconciliation treated explicit empty allowlists as unset, which could silently undo an intended deny-all revocation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.5CVSS5.8AI score0.00278EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder