Lucene search
+L

3104 matches found

NVD
NVD
added 7 hours ago6 views

CVE-2025-71395

SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations,...

7.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 8 hours ago4 views

CVE-2025-71395

SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations,...

7.1CVSS5.3AI score
Exploits0References3
Nuclei
Nuclei
added 13 hours ago18 views

Liferay Portal - Open Redirect

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows remote...

6.1CVSS6.4AI score0.0096EPSS
Exploits0References4
EUVD
EUVD
added yesterday7 views

EUVD-2025-210480

The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary...

3.3CVSS5.4AI score
Exploits0References1
Oracle linux
Oracle linux
added 2 days ago6 views

httpd security, bug fix, and enhancement update

2.4.63-13.0.1.el102.4 - Replace index.html with Oracle's index page oracleindex.html. 2.4.63-13.4 - Resolves: RHEL-186221 - httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers CVE-2026-34356 - Resolves: RHEL-186195 - httpd: Apache HTTP Server: Heap-based Buffer...

9.8CVSS6.3AI score0.00937EPSS
Exploits0
NVD
NVD
added 3 days ago6 views

CVE-2026-50148

Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add or edit a database connection can achieve remote code execution on the Metabase server by...

10CVSS0.00442EPSS
Exploits0References1
NVD
NVD
added 4 days ago10 views

CVE-2026-50130

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...

8.8CVSS0.00225EPSS
Exploits0References3
CVE
CVE
added 4 days ago14 views

CVE-2026-50130

CVE-2026-50130 : Pi-hole on versions 6.0–6.4.2 is vulnerable to local privilege escalation from the unprivileged pihole user to root via replacement of /etc/pihole/logrotate. The attack works because the replacement is laundered to root:root by pihole-FTL-prestart.sh and then parsed as root by th...

8.8CVSS6.4AI score0.00225EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago6 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

6AI score0.00174EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43283

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

6.1CVSS6.2AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-10551

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

6.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-10551

The Breeze Cache WordPress plugin (before version 2.5.6) is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash in the HTML minification process and a related regex misusage. An attacker can inject arbitrary HTML attributes into the final HTML by predicting the placehol...

6.1CVSS6.2AI score0.00149EPSS
Exploits0References1
Fedora
Fedora
added 6 days ago7 views

[SECURITY] Fedora 44 Update: python-idna-3.18-1.fc44

A library to support the Internationalised Domain Names in Applications IDNA protocol as specified in RFC 5891 . This version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The library is also intended to act as a suitable...

6.9CVSS6.5AI score0.00408EPSS
Exploits0
Fedora
Fedora
added 6 days ago9 views

[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.22-1.fc44

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
Fedora
Fedora
added 2026/07/10 1:6 a.m.10 views

[SECURITY] Fedora 43 Update: python-pendulum-3.2.0-1.fc43

Unlike other datetime libraries for Python, Pendulum is a drop-in replacement for the standard datetime class it inherits from it, so, basically, you can replace all your datetime instances by DateTime instances in you code. It also removes the notion of naive datetimes: each Pendulum instance is...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/07/09 12:57 a.m.18 views

[SECURITY] Fedora 44 Update: python-pendulum-3.2.0-1.fc44

Unlike other datetime libraries for Python, Pendulum is a drop-in replacement for the standard datetime class it inherits from it, so, basically, you can replace all your datetime instances by DateTime instances in you code. It also removes the notion of naive datetimes: each Pendulum instance is...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/08 1:23 p.m.5 views

CVE-2026-54061 Dgraph Alpha group stores can be replaced via unauthenticated external snapshot import

Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. As a result, an unauthenticated network client can open StreamExtSnapshot and send...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References4
OSV
OSV
added 2026/07/05 2:17 a.m.6 views

DEBIAN-CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/05 1:30 a.m.8 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0
EUVD
EUVD
added 2026/07/05 1:30 a.m.13 views

EUVD-2026-41713

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

5.9AI score0.00508EPSS
Exploits0References3
Rows per page
Query Builder