
2076 matches found

OSV
added 2026/04/14 11:38 p.m., 5 views

GHSA-66HX-CHF7-3332 pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)

Summary: pyLoad caches role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old revoked privileges until logout/session...

CVSS 8.8, AI score 5.8, EPSS 0.00325
Exploits: 1, References: 4
IBM Security Bulletins
added 2026/04/14 3:22 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in Apache Tomcat [CVE-2026-24734]

Summary: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in Apache Tomcat, due to a failure to complete verification or freshness checks on the OCSP response, which could allow certificate revocation to be bypassed (CVE-2026-24734). Apache Tomcat is used in our speech...

CVSS 7.5, AI score 5.7, EPSS 0.00498
Exploits: 0, Affected software: 1
HackRead
added 2026/04/13 8:11 p.m., 3 views

OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach

OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2026/04/11 12:00 a.m., 7 views

SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:1255-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1255-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta C...

CVSS 9.8, AI score 7.5, EPSS 0.00885
Exploits: 0, References: 13
OSV
added 2026/04/10 5:11 p.m., 4 views

MGASA-2026-0091 Updated openssl packages fix security vulnerabilities

Incorrect Failure Handling in RSA KEM RSASVE Encapsulation (CVE-2026-31790). Potential Use-after-free in DANE Client Code (CVE-2026-28387). NULL Pointer Dereference When Processing a Delta CRL (CVE-2026-28388). Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo (CVE-2026-28389). Possible...

CVSS 9.8, AI score 5.8, EPSS 0.00981
Exploits: 0, References: 3
OSV
added 2026/04/10 3:31 p.m., 3 views

GHSA-96Q5-XM3P-7M84 Vikunja: Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

Title: Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade. Description: Vikunja's link share authentication constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner deletes a link share or...

CVSS 6.5, AI score 5.8, EPSS 0.00268
Exploits: 1, References: 6
OSV
added 2026/04/10 2:57 p.m., 4 views

SUSE-SU-2026:1256-1 Security update for openssl-1_0_0

This update for openssl-1_0_0 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientIn...

CVSS 9.8, AI score 6.1, EPSS 0.00981
Exploits: 0, References: 11
CNNVD
added 2026/04/10 12:00 a.m., 7 views

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contain a security vulnerability in the settings-reconciliation logic, which treated explicitly empty permission lists as not set...

CVSS 6.5, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 4
Positive Technologies
added 2026/04/10 12:00 a.m., 5 views

PT-2026-31945

Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0. Description: Vikunja's link share authentication constructs authorization objects entirely from JWT claims without server-side database validation. When a project owner deletes a link share or downgrades its...

CVSS 6.5, AI score 5.7, EPSS 0.00268
Exploits: 1, References: 10
Ubuntu
added 2026/04/09 5:35 p.m., 13 views

USN-8155-2: OpenSSL vulnerabilities

USN-8155-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2026-28387 for openssl in Ubuntu 20.04 LTS. CVE-2026-28388 for openssl and openssl1.0 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS, and CVE-2026-28389 and...

CVSS 8.1, AI score 6, EPSS 0.00981
Exploits: 0
Microsoft CVE
added 2026/04/09 8:02 a.m., 5 views

NULL Pointer Dereference When Processing a Delta CRL

...

CVSS 7.5, AI score 5.8, EPSS 0.00885
Exploits: 0
SUSE CVE
added 2026/04/08 11:25 p.m., 8 views

SUSE CVE-2026-32144

Improper Certificate Validation vulnerability in the Erlang/OTP public_key pubkey_ocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate...

CVSS 8.1, AI score 5.8, EPSS 0.002
Exploits: 0, References: 4
EUVD
added 2026/04/08 12:30 a.m., 5 views

EUVD-2026-19962

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

AI score 6.3, EPSS 0.00885
Exploits: 0, References: 7
EUVD
added 2026/04/08 12:04 a.m., 3 views

EUVD-2026-19776

File Browser share links remain accessible after Share/Download permissions are revoked...

CVSS 8.2, AI score 5.9, EPSS 0.00332
Exploits: 1, References: 3
Snyk
added 2026/04/08 12:04 a.m., 7 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and download files without authentication by using a valid but outdated...

CVSS 8.2, AI score 5.8, EPSS 0.00332
Exploits: 1, References: 2
OSV
added 2026/04/07 10:16 p.m., 3 views

ALPINE-CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

CVSS 7.5, AI score 6.2, EPSS 0.00885
Exploits: 0, References: 1
Cvelist
added 2026/04/07 10:00 p.m., 30 views

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

EPSS 0.00885
Exploits: 0, References: 6
CVE
added 2026/04/07 10:00 p.m., 37 views

CVE-2026-28388

CVE-2026-28388 describes a NULL pointer dereference in OpenSSL delta-CRL processing when the CRL Number extension is missing. Exploitation requires enabling X509_V_FLAG_USE_DELTAS and the presence of a freshestCRL or EXFLAG_FRESHEST; processing a malformed delta CRL can crash an application, caus...

CVSS 7.5, AI score 6.3, EPSS 0.00885
Exploits: 0, References: 8, Affected software: 1
AlpineLinux
added 2026/04/07 10:00 p.m., 8 views

CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

CVSS 7.5, AI score 6.3, EPSS 0.00885
Exploits: 0
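The EUVD-2026-19962, ALPINE-CVE-2026-28388 and CVE-2026-28388 entries above describe the trigger for the OpenSSL NULL dereference: a delta CRL that carries the Delta CRL Indicator extension (OID 2.5.29.27) but no CRL Number extension (OID 2.5.29.20), reached only when X509_V_FLAG_USE_DELTAS is enabled. The Python below is an added example, not OpenSSL code and not taken from any of the advisories: it builds a constructed, unsigned CRL in DER with a tiny encoder and then reports whether the CRL is a base CRL, a well-formed delta CRL, or a delta CRL missing its CRL Number. That last class is the pre-check a practitioner would run over CRLs fetched from a freshestCRL distribution point before handing them to a verifier with deltas turned on. The DER helpers, the issuer name, the timestamp and the extension values are all assumptions made for the example.

```python
# Minimal DER helpers, written for this example (not a general ASN.1 library).
def der(tag, content):
    """Encode one TLV with definite-length DER length octets."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def tlv(buf, off=0):
    """Decode the TLV at buf[off]; returns (tag, content, offset_after)."""
    tag, first = buf[off], buf[off + 1]
    hdr, length = 2, first
    if first & 0x80:                       # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[off + 2:off + 2 + nbytes], "big")
        hdr += nbytes
    start = off + hdr
    return tag, buf[start:start + length], start + length


def children(content):
    """Yield (tag, content) for each TLV packed inside a constructed value."""
    off = 0
    while off < len(content):
        tag, inner, off = tlv(content, off)
        yield tag, inner


OID_DELTA_CRL_INDICATOR = b"\x55\x1d\x1b"               # 2.5.29.27
OID_CRL_NUMBER = b"\x55\x1d\x14"                        # 2.5.29.20
OID_SHA256_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11
OID_CN = b"\x55\x04\x03"                                # 2.5.4.3


def extension(oid, value, critical=False):
    """Extension ::= SEQUENCE { extnID, critical BOOLEAN OPTIONAL, extnValue OCTET STRING }."""
    body = der(0x06, oid)
    if critical:
        body += der(0x01, b"\xff")
    return der(0x30, body + der(0x04, value))


def build_crl(delta=True, with_crl_number=True):
    """Constructed sample CertificateList; the signature field is zero bytes (unsigned)."""
    exts = b""
    if delta:
        exts += extension(OID_DELTA_CRL_INDICATOR, der(0x02, b"\x05"), critical=True)
    if with_crl_number:
        exts += extension(OID_CRL_NUMBER, der(0x02, b"\x06"))
    alg = der(0x30, der(0x06, OID_SHA256_RSA) + der(0x05, b""))
    issuer = der(0x30, der(0x31, der(0x30, der(0x06, OID_CN) + der(0x0c, b"Example CA"))))
    tbs = der(0x02, b"\x01") + alg + issuer + der(0x17, b"260401000000Z")  # v2, thisUpdate
    if exts:
        tbs += der(0xA0, der(0x30, exts))  # [0] EXPLICIT crlExtensions
    return der(0x30, der(0x30, tbs) + alg + der(0x03, b"\x00" + bytes(8)))


def crl_extensions(crl):
    """Return {extnID bytes: extnValue bytes} from the CRL's crlExtensions field."""
    _, cert_list, _ = tlv(crl)
    _, tbs, _ = tlv(cert_list)
    found = {}
    for tag, content in children(tbs):
        if tag != 0xA0:
            continue
        _, ext_seq, _ = tlv(content)
        for _, ext in children(ext_seq):
            parts = list(children(ext))
            found[parts[0][1]] = parts[-1][1]  # extnID -> OCTET STRING content
    return found


def classify_crl(crl):
    """'base', 'delta', or 'malformed-delta' (indicator present, CRL Number missing)."""
    exts = crl_extensions(crl)
    if OID_DELTA_CRL_INDICATOR not in exts:
        return "base"
    return "delta" if OID_CRL_NUMBER in exts else "malformed-delta"


def crl_number(crl):
    """Decode the CRL Number INTEGER, or None when the extension is absent."""
    value = crl_extensions(crl).get(OID_CRL_NUMBER)
    if value is None:
        return None
    _, num, _ = tlv(value)
    return int.from_bytes(num, "big")


if __name__ == "__main__":
    for kwargs in ({}, {"with_crl_number": False}, {"delta": False}):
        crl = build_crl(**kwargs)
        print(kwargs, classify_crl(crl), crl_number(crl))
```

The check inspects extension presence only; it says nothing about the signature, issuer match or base-CRL linkage, which the real verifier still has to do. Its use is to quarantine a "malformed-delta" CRL instead of feeding it to an unpatched library with deltas enabled.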
NVD
added 2026/04/07 5:16 p.m., 2 views

CVE-2026-35604

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

CVSS 8.2, EPSS 0.00332
Exploits: 1, References: 2
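The pyLoad (GHSA-66HX-CHF7-3332), Vikunja (GHSA-96Q5-XM3P-7M84, PT-2026-31945) and File Browser (CVE-2026-35604) entries above share one defect: the authorizer trusts role or permission data captured into a session or token when it was issued, so a revocation written to the database never reaches sessions or share links that already exist. The Python below is an added example, not code from any of those projects, that models the pattern with a constructed HS256-style token and an in-memory store: `authorize_stale` reproduces the bug, and `authorize_live` shows the fix, which is to re-read the share and its owner on every request and to carry a per-user `perm_version` claim that any admin change invalidates. The key, names, store layout and data are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a toy HMAC key standing in for the application's real token secret.
SECRET = b"constructed-example-key"


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(claims, ttl=72 * 3600, now=None):
    """Issue an HS256-style token: base64url(JSON claims).base64url(HMAC-SHA256)."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({**claims, "exp": now + ttl}, sort_keys=True).encode())
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def verify(token, now=None):
    """Check signature and expiry only; this is everything a stateless authorizer knows."""
    body, sig = token.split(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if claims["exp"] < now:
        raise PermissionError("expired")
    return claims


def fresh_db():
    """Constructed server-side state; perm_version is bumped on every permission change."""
    return {
        "users": {"alice": {"perms": {"share", "download"}, "perm_version": 1}},
        "shares": {"s1": {"owner": "alice", "perms": {"read", "download"}}},
    }


def authorize_stale(db, token, action, now=None):
    """Vulnerable pattern: decide from the permissions snapshotted into the token."""
    claims = verify(token, now)
    return action in claims["perms"]          # db is never consulted


def authorize_live(db, token, action, now=None):
    """Fixed pattern: the signature proves who minted the token; the store decides."""
    claims = verify(token, now)
    share = db["shares"].get(claims["share"])
    if share is None:                         # share deleted after issuance
        return False
    owner = db["users"].get(share["owner"])
    if owner is None or owner["perm_version"] != claims["pv"]:
        return False                          # owner's permissions changed since minting
    if "share" not in owner["perms"]:         # owner may no longer share anything
        return False
    if action == "download" and "download" not in owner["perms"]:
        return False
    return action in share["perms"]           # current share permissions, not the snapshot


def revoke(db, user, perm):
    """Admin action: drop a permission and invalidate every token minted before it."""
    db["users"][user]["perms"].discard(perm)
    db["users"][user]["perm_version"] += 1


def scenario():
    """Replay the advisories: revoke the owner's Download right, then delete the share."""
    db = fresh_db()
    t0 = 1_700_000_000.0
    token = mint({"share": "s1", "pv": 1, "perms": sorted(db["shares"]["s1"]["perms"])}, now=t0)
    out = {"fresh": (authorize_stale(db, token, "download", t0 + 60),
                     authorize_live(db, token, "download", t0 + 60))}
    revoke(db, "alice", "download")
    out["after_revoke"] = (authorize_stale(db, token, "download", t0 + 3600),
                           authorize_live(db, token, "download", t0 + 3600))
    del db["shares"]["s1"]
    out["after_delete"] = (authorize_stale(db, token, "read", t0 + 3600),
                           authorize_live(db, token, "read", t0 + 3600))
    return out


if __name__ == "__main__":
    for step, (stale, live) in scenario().items():
        print(f"{step:13s} stale={stale!s:5s} live={live}")
```

The `perm_version` claim is the cheap part of the fix: it lets a single counter increment invalidate every outstanding token or session without enumerating them. The pyLoad-style session cache has the same cure, either re-read role and permissions from the user table per request, or store a generation number in the session and bump it whenever an admin edits the user.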