Lucene search
K

21 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.8 views

CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35077

Name of the Vulnerable Software and Affected Versions BACnet Stack versions prior to 1.4.3 Description An off-by-one out-of-bounds read exists in the ReadPropertyMultiple service decoder. Unauthenticated remote attackers can read one byte past an allocated buffer boundary by sending a crafted RPM...

8.7CVSS5.5AI score0.00401EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.60 views

BACnet Stack 缓冲区错误漏洞

BACnet Stack is an open-source protocol stack for BACnet, designed to work on embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a buffer error vulnerability. This vulnerability stems from a out-of-bounds read vulnerability in the ReadPropertyMultiple...

8.7CVSS6AI score0.00415EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 2:16 a.m.3 views

DEBIAN-CVE-2026-4440

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 3:49 p.m.5 views

CVE-2026-25766 Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS5.7AI score0.00329EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/02/17 6:53 p.m.10 views

Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Summary On Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. Details In middleware/static.go, the requested path is unescaped and normalized with path.Clean URL semantics...

5.3CVSS6AI score0.00329EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/03/19 12:15 p.m.4 views

USN-7358-1 postgresql-9.5 vulnerabilities

Wolfgang Walther discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. CVE-2024-10976 Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacke...

8.8CVSS6.9AI score0.04422EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/12/20 9:45 a.m.6 views

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS7.4AI score0.02775EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.5 views

Google Chrome 后置链接漏洞

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in versions prior to Google Chrome 75.0.3770.80, which stems from an improper implementation in the operating system and allows remote attackers to perform arbitrary reads or writes via a...

7.8CVSS7.7AI score0.00288EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/28 12:0 a.m.4 views

Google Pixel 缓冲区错误漏洞

Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a security vulnerability that stems from incorrect boundary checking, which may result in out-of-bounds reads, which could lead to remote information leaks...

7.5CVSS7.3AI score0.00441EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.4 views

SUSE CVE-2008-1834

swfdecloadobject.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file...

4.3CVSS6.6AI score0.01129EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/10/22 4:13 p.m.6 views

OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136)

Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...

5.3CVSS7.3AI score0.03122EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/04 1:11 p.m.7 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

9.8CVSS7.2AI score0.04837EPSS
Exploits0References7
CNVD
CNVD
added 2020/04/29 12:0 a.m.5 views

ONKYO Onkyo TX-NR585 Information Disclosure Vulnerability

The ONKYO Onkyo TX-NR585 is a home audio/video receiver from ONKYO Japan. A security vulnerability exists in the ONKYO Onkyo TX-NR585 using firmware version 1000-0000-000-0008-0000. The vulnerability can be exploited by a remote attacker to read sensitive files with the help of the...

7.5CVSS9.1AI score0.11822EPSS
Exploits1
OSV
OSV
added 2018/06/07 9:29 p.m.3 views

CVE-2018-0329

A vulnerability in the default configuration of the Simple Network Management Protocol SNMP feature of Cisco Wide Area Application Services WAAS Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded,...

5.3CVSS5.9AI score0.02396EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/01/20 11:4 a.m.5 views

OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS7.4AI score0.02499EPSS
Exploits0References4
CNVD
CNVD
added 2016/02/02 12:0 a.m.4 views

NEC EXPRESSCLUSTER X-1 on Linux Solaris Directory Traversal Vulnerability

NEC EXPRESSCLUSTER X on Windows, Linux, and Solaris is a suite of clustering software dual hot standby software from Nippon Electric Company NEC for Windows, Linux, and Solaris platforms. The software provides features such as shared disk arrays, automatic error detection and notification, and...

7.8CVSS6.9AI score0.03821EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/08 12:0 a.m.5 views

Multiple IBM Products Information Disclosure Vulnerabilities (CNVD-2015-06512)

IBM Maximo Asset Management is a suite of IT asset management solutions from IBM USA. An information disclosure vulnerability exists in multiple IBM products, allowing an authenticated remote user to obtain sensitive information by reading backed up or debugged application files...

4CVSS6.1AI score0.00966EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/08 12:0 a.m.3 views

SysAid On-Premise Absolute Path Traversal Vulnerability

SysAid On-Premise is a data delivery software that supports on-premise storage of enterprise data in a suite of Web-based IT service management solutions from the U.S. company SysAid. An absolute path traversal vulnerability exists in SysAid On-Premise versions prior to 14.4.2 that allows remote...

5CVSS6.8AI score0.069EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2009/06/22 2:30 p.m.2 views

CVE-2009-2151

Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. dot dot in the newlang parameter...

5CVSS5.8AI score0.02712EPSS
Exploits0References2
Rows per page
Query Builder