Lucene search
K

175 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.11 views

RARLAB WinRAR < 7.23 Heap-Based Buffer Overflow (CVE-2026-14191)

The version of RARLAB WinRAR installed on the remote Windows host is prior to 7.23. It is, therefore, affected by a heap-based buffer overflow vulnerability: - An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser. The RecItems vector is sized only when the first .rev file in...

7.8CVSS7.5AI score0.00306EPSS
Exploits1References2
OSV
OSV
added 2026/07/01 4:16 p.m.5 views

UBUNTU-CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

6.5CVSS6.1AI score0.00413EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 4:16 a.m.10 views

CVE-2026-14191

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS0.00306EPSS
Exploits1References3
OSV
OSV
added 2026/07/01 4:16 a.m.3 views

UBUNTU-CVE-2026-14191

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS7.4AI score0.1308EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.16 views

PT-2026-54451

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.23 UnRAR versions prior to 7.23 Description An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser within the RecVolumes5::ReadHeader function in recvol5.cpp. The issue occurs because the RecItems...

7.8CVSS7AI score0.00306EPSS
Exploits1References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:21 p.m.16 views

Malicious code in ipy-rev-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/09 8:21 p.m.10 views

MAL-2026-5475 Malicious code in ipy-rev-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...

5.6AI score
Exploits0References1
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

Clash Verge Rev 安全漏洞

Clash Verge Rev is an open-source proxy tool developed by Clash Verge Rev. Versions prior to Clash Verge Rev 2.3.0 contained security vulnerabilities; these vulnerabilities stemmed from the existence of globally accessible IPC endpoints, which could lead to local privilege escalation...

8.4CVSS5.3AI score0.00164EPSS
Exploits0References4
CloudLinux
CloudLinux
added 2026/05/16 3:42 p.m.15 views

subversion: Fix of CVE-2018-11782

CVE-2018-11782: fix svnserve DoS via well-formed read-only get-deleted-rev request...

6.5CVSS6.7AI score0.02422EPSS
Exploits0
EUVD
EUVD
added 2026/03/13 9:31 p.m.7 views

EUVD-2025-208635

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

8.3CVSS5.8AI score0.00285EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:53 p.m.7 views

CVE-2025-13779

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

8.3CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 1:11 p.m.4 views

CVE-2025-13779 Configuration Data Spill

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

8.3CVSS5.8AI score0.00285EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.7 views

PT-2026-25311

🟠 CVE-2025-13777 - High Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. https://t.co/k9L0CuzZX4 https://t.co/FbKYQV3svl...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.6 views

CVE-2026-25763

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.9CVSS5.6AI score0.00461EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 10:16 p.m.8 views

CVE-2026-25763

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.9CVSS0.00461EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/06 10:10 p.m.5 views

EUVD-2026-5556

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.4CVSS5.6AI score0.00461EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 10:10 p.m.27 views

CVE-2026-25763

OpenProject suffers a command-injection like arbitrary file write in the repository changes endpoint (/projects/:project_id/repository/changes) when rendering the latest changes via git log. A crafted rev parameter (for example rev=--output=/tmp/poc.txt) is interpreted by Git as an option, causin...

9.9CVSS5.6AI score0.00461EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.7 views

PT-2026-6805

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the repository changes endpoint '/projects/:project id/repository/changes' when...

9.9CVSS6.6AI score0.00461EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/29 9:20 p.m.6 views

CVE-2026-24685

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 4:47 p.m.27 views

CVE-2026-24685 OpenProject has Argument Injection on Repository module that allows Arbitrary File Write

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS0.00318EPSS
Exploits0References1
Rows per page
Query Builder